A recent study by IDC with the participation of 500 IT and security professionals at the global level reveals that, Despite a greater investment in the vulnerable patch, problems persist In the software supply chain.
According to the report, 36% of organizations adopt open source solutions to accelerate development and 7 out of 10 consider them key to their critical operations. The main reasons for this adoption include cost reduction (44%), the possibility of customization (35%), development speed and, to a lesser extent, security improvement (31%).
However, this same fragmentation – at the case of multiple projects and repositories – complicates security management, especially in modern cloud environments, where strict regulatory requirements and a specialized talent scarcity converge.
One of the most relevant findings of the report is that Vulnerabilities patch is maintained as the main challenge. 70% of the teams dedicate more than six weekly hours to this task, but only 23% are satisfied with their ability to resolve vulnerabilities effectively.
The use of containers, usual in microservice and devote architectures, adds an extra layer of complexity. Although 70% of organizations impose patch policies in less than 24 hours after the detection of vulnerability, only 41% trust their real capacity to fulfill them. The lack of automation, fragmented tools and high frequency of updates prevent agile response.
37% of respondents admit not to understand at all how compliance regulations (such as GDPR, Hipaa or Fedramp) apply to their systems and technologies. This lagoon increases the risk of regulatory sanctions and weakens the security position of many organizations.
In addition, 40% indicate the Lack of qualified personnel as a critical barrier to guarantee safe environments. As threats sophisticate, talent is scarce capable of approaching them effectively.
Although 9 out of 10 organizations would prefer to obtain their software packages from verified repositories of the operating system, in practice many resort to non -verified sources. This third -party dependence without consolidated guarantees exposes companies to attacks in the supply chain and outdated packages, hindering uniform security management.
The IDC study highlights that, despite advances in maintenance and patch practices, the safety of open source business applications remains a pending subject. The combination of complex environments, regulatory pressure, lack of talent and inefficient tools leaves many exposed organizations, forcing them to rethink their approach to the safety and governance of the software.
It should be remembered in this regard that S&P Global Ratings recently published another report in the same direction, but with a broader vision, and that is that the dilemma of insufficient vulnerabilities and security policies is not reduced to the scope of the open source, it is a generalized problem.
