ActiveState’s supply chain security survey offers key security lessons for software vendors
VANCOUVER, British Columbia – February 10, 2022 – Today, ActiveState announced the results of its “2021 State of Software Supply Chain Security” survey. The findings provide insights into the security challenges of the software industry’s open source supply chain, which includes the security of open source components, as well as the security and integrity of key software development processes. The results point to the fact that software supply chain security is still in its infancy.
Click to tweet: ActiveState’s Software Supply Chain Security survey provides actionable insights for software vendors into how they can improve the security and integrity of their software development processes. https://ctt.ac/arEe0+ #secureyoursoftwaresupplychain
Securing the software supply chain encompasses vulnerability remediation (not covered in this survey) and the implementation of controls throughout the software development process. Key development processes include:
- Import – how secure is the process of bringing third-party tools, libraries, code snippets, packages and other software resources into the organization?
- Build – how secure is the organization’s process of assembling and building open source artifacts from source code?
- Run – how secure is the organization’s process of working with, testing, and running built artifacts in development, test and production environments?
The survey’s results, garnered from the responses of more than 1,500 developers, security professionals and open source leaders at organizations of all sizes worldwide, point to the immaturity of supply chain security across the software industry. Areas of concern include the implicit trust that a worryingly high percentage of organizations (32%) place in open source repositories, which offer no guarantees as to the security and integrity of the software they provide, and the low level of build reproducibility (only 22% of organizations), which makes it difficult for anything built from source code to be deemed secure.
Loreli Cadapan, Vice President, Product Management, ActiveState, said: “Much more work is required to address the software industry’s supply chain security shortcomings. However, integrating multiple point solutions to create an end-to-end secure software supply chain is a non-trivial undertaking. To overcome this challenge, organizations should look for a turnkey, out-of-the-box solution to quickly secure their software supply chain.”
ActiveState’s State of Software Supply Chain Security survey report is available as a free download.
ActiveState has a 20+ year history of providing secure, scalable open source language solutions to more than 2 million developers and 97% of Fortune 1,000 enterprises. Enterprises choose ActiveState to support mission-critical systems and speed up software development while enhancing the security and integrity of their open source supply chain.
More information about ActiveState’s software supply chain security solutions can be found here.
The original article is available on PR Newswire.