• Software supply chains are becoming a worrying weak link for firm

    From TechnologyDaily@1337:1/100 to All on Mon Jul 1 12:45:05 2024
    Software supply chains are becoming a worrying weak link for firms of all sizes

    Date:
    Mon, 01 Jul 2024 12:32:17 +0000

    Description:
    Application Security leaders are keeping open source code top of mind at all times, fearing potential attacks.

    FULL STORY ======================================================================

    All companies that use open source code in their software are at risk of supply-chain attacks, regardless of their size or the industry they're in, new research has warned.

    A report from cybersecurity experts Checkmarx claims that, despite the grim
    outlook, things are looking up for application security (AppSec) leaders.

    To draft its 2024 State of Software Supply Chain Security report, Checkmarx surveyed 900 AppSec professionals in the US, Europe, and Asia-Pacific, and all of them (100%) claimed to have experienced a software supply chain attack at some time in the past.

    Understanding new risks

    While this definitely isn't good news, the trend in the last two years shows promise. While almost two-thirds (63%) reported falling victim within the
    past two years, less than a fifth (18%) suffered such an attack within the past year.

    The news is worrisome, and AppSec pros are aware of it. Three-quarters (75%) said they were either very concerned (39%) or concerned (36%) about the
    risks. However, they're not sitting idly. While in more than half (56%), organizational applications contain open-source packages, 57% said software supply chain security was a top, or significant, area of focus.

    More than half (54%) are planning to use, or are currently investigating, a potential solution, while 50% are requesting software bills of materials from their vendors.

    For Amit Daniel, Chief Marketing Officer at Checkmarx, it's critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain.

    "Malicious is much more than vulnerable. We have seen more attacks on the open source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team," Daniel said. "Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed."



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/software-supply-chains-are-becoming-a-worrying-weak-link-for-firms-of-all-sizes


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)