Organizations Intensify Software Supply Chain Security Efforts Against Risks Posed by Open Source Prevalence

Software supply chain security is a major concern for most organizations worried about the prevalence of open source code in their products, a Synopsys and ESG report found.

Subsequently, most organizations intensified their supply chain security efforts in light of high-profile supply chain attacks such as SolarWinds, Kaseya, and Log4Shell.

The Synopsys Software Integrity Group and Enterprise Strategy Group (ESG) found that 99% of organizations were either using open source software (OSS) (80%) or planning to incorporate it in the next 12 months (19%). However, more than half (54%) of the respondents were concerned about the prevalence of open source software, while 41% worried about becoming victims of hackers targeting popular open source software. Another 40% had problems trusting the origin of open source code, while 39% worried about the software bills of materials (SBOM) in OSS.

According to Jason Schmitt, general manager at Synopsys, these and other concerns highlight the potential impact on organizations of software supply chain vulnerabilities posed by open source software.

Most organizations are prepared to address software supply chain security risks

The Synopsys/ESG report found…
