Software supply chain risk is now mainstream. More than half (52%) of respondents are “very” or “extremely” concerned about software supply chain risks, according to the first annual Securealities Software Supply Chain Risk report released by Coalfire. The study reveals sharp budget increases, a dramatic rise in executive-level awareness, and growing enterprise demand for more testing, training, and process improvements to better protect digital assets.
The report also said that more than 50% of boards of directors at software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.
Organizations aren’t standing on the sidelines – they are taking decisive action to combat supply chain vulnerability: among software buyers, nearly 60% have increased testing of third-party applications and 50% are purchasing new systems or new tooling. Also, two-thirds have implemented additional staff training budgets to help manage the deluge of application vulnerabilities.
Given the Software Bill of Materials (SBOM) requirements within the President’s EO, 54% of organizations are re-focusing on the software development life cycle (SDLC). The report added that corporate leaders are planning to invest heavily in software supply chain risk management, with over one-third likely to allocate at least 10% of their application security budget to supply chain-specific processes.
Coalfire commissioned CyberRisk Alliance to conduct a survey of 300 respondents from both software buying and software producing companies. The goals were to capture the impact of highly public cyber events, President Biden’s Executive Order (EO) on cybersecurity, and procurement delays, and to discover what actions companies are taking to address these mission-critical challenges.