Majority of Organizations Impacted by Software Supply Chain Attacks Over the Past Year, with Many Struggling to Detect and Respond
Rhea-AI Summary
A recent report from Synopsys Software Integrity Group and Ponemon Institute reveals that 54% of global organizations suffered software supply chain attacks in the past year.
Many struggle to detect and respond, with 50% taking over a month to react. AI usage in code generation is prevalent, yet only 32% evaluate AI-generated code for risks.
Alarmingly, only 39% of leaders are committed to reducing software supply chain risks, and resources are often insufficient. Notably, just 35% of organizations implement Software Bills of Materials (SBOMs), critical for security.
Open source vulnerabilities are high, with 65% using it but less than half securing it effectively.
Positive
- 54% of organizations recognize the risk and are aware of software supply chain attacks.
- AI tools like OpenAI Codex, ChatGPT, and GitHub Copilot are widely used, enhancing development efficiency.
- 45% of security professionals report increased investment in software supply chain security post incidents like SolarWinds.
- 50% of organizations use SBOMs for general dependency and vulnerability management.
Negative
- 50% of organizations took more than a month to respond to software supply chain attacks.
- One in five organizations is ineffective in detecting and responding to attacks.
- Only 32% of organizations evaluate AI-generated code for license, security, and quality risks.
- A mere 39% of leaders are highly committed to reducing software supply chain risks.
- Only 38% find resources dedicated to securing the supply chain sufficient or very sufficient.
- 65% of respondents use open source software, but less than 47% secure it effectively in the supply chain.
News Market Reaction – SNPS
On the day this news was published, SNPS declined 1.88%, reflecting a mild negative market reaction.
Data tracked by StockTitan Argus on the day of publication.
More than half (
The data also shows that AI is becoming ubiquitous across the software development life cycle. The majority of security professionals (
Survey respondents also cited a worrisome lack of commitment from decision-makers when mitigating these issues. Only
"Supply chain attacks are becoming more prevalent across organizations globally, yet this report highlights the sustained weaknesses in existing software development processes and security standards," said Jason Schmitt, general manager, Synopsys Software Integrity Group. "Attackers are getting more sophisticated and thus finding more weaknesses that allow them to explore a supply chain where they can steal sensitive data, plant malware, and control systems. Particularly with the rise of AI-generated code, security teams need to maintain visibility into applications, and continuously evaluate IP, security threats, and code quality to reduce risk."
Additional key findings include:
- Organizations forgoing SBOM implementation: Software Bills of Materials (SBOMs) are critical to ensuring a secure software supply chain but only
35% of security professionals say their organizations produce them. Furthermore, only40% say they immediately stop the use of software if the supplier doesn't provide a requested SBOM. The main reasons organizations generate SBOMs are general dependency and vulnerability management (50% ), industry regulations (39% ), customer requirements (38% ), and government requirements (38% ). - Open source vulnerabilities remain a huge risk: Nearly two-thirds (
65% ) of respondents say they use open source software, although less than half of respondents (47% ) say their organizations are very or highly effective in securing it in the supply chain.
To learn more, download a copy of "The State of Software Supply Chain Security Risks" report, read the blog post or register for the May 23 webinar.
Methodology
The survey collected responses from 1,278 IT and IT security practitioners who are in organizations that are committed to achieving a secure software supply chain and have some level of responsibility for their organizations' software supply chain security strategy. The regions and countries in this research are
About the Synopsys Software Integrity Group
Synopsys Software Integrity Group provides integrated solutions that transform the way development teams build and deliver software, accelerating innovation while addressing business risk. Our industry-leading portfolio of software security products and services is the most comprehensive in the world and interoperates with third-party and open source tools, allowing organizations to leverage existing investments to build the security program that's best for them. Only Synopsys offers everything you need to build trust in your software. Learn more at www.synopsys.com/software.
About Synopsys
Catalyzing the era of pervasive intelligence, Synopsys, Inc. (Nasdaq: SNPS) delivers trusted and comprehensive silicon to systems design solutions, from electronic design automation to silicon IP and system verification and validation. We partner closely with semiconductor and systems customers across a wide range of industries to maximize their R&D capability and productivity, powering innovation today that ignites the ingenuity of tomorrow. Learn more at www.synopsys.com.
Editorial Contact:
Liz Samet
Synopsys, Inc.
336-414-6753
esamet@synopsys.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/majority-of-organizations-impacted-by-software-supply-chain-attacks-over-the-past-year-with-many-struggling-to-detect-and-respond-302146715.html
SOURCE Synopsys, Inc.