Only one in five organizations has good insight into its software supply chain. Most companies do not know which components and dependencies their software contains, which leaves them exposed to a large-scale data breach that can arrive without warning.
The figures come from Anchore's 2024 Software Supply Chain Security Report. Other findings point to poor adherence to best practices across the software industry. For instance, 51 percent of respondents have no software bill of materials (SBOM), although 78 percent of respondents say this will be remedied within a year and a half.
For the report, Anchore surveyed 106 specialists who are responsible for supply chain security within their organizations. Earlier research by JFrog had already shown that supply chain risks are growing.
Major (unforeseen) damage
Gaining that insight is easier said than done, but it is necessary all the same. After all, no one wants to be the next Blauw, the Dutch market research firm that suffered a large-scale data breach caused by an error at its software supplier Nebu. Nebu initially refused to cooperate with the investigation and had to be compelled to do so by a court. In the end, 16 government organizations also turned out to have been affected by the Nebu breach.
Requiring an SBOM is therefore important, particularly for organizations that process large volumes of personal data beyond that of their own employees, since the impact of a breach quickly becomes enormous. It is encouraging that 76 percent of Anchore's respondents describe supply chain security as a priority. Those words now have to be turned into action.
According to the report, one of the main motivations is meeting compliance requirements: on average, organizations must comply with 4.9 standards and regulations. Respondents expect more problems ahead, mainly because of AI. Embedded AI libraries will cause supply chain security headaches, according to 77 percent of respondents.