The latest report by Synopsys and the Ponemon Institute sheds light on the increasing threat of software supply chain attacks, with 54% of global organizations having experienced such incidents in the past year. Alarmingly, many companies are finding it challenging to adapt to this evolving risk landscape, with half taking over a month to respond to attacks and one in five admitting ineffective detection and response capabilities.
Moreover, the report underscores the widespread adoption of AI tools in software development, including OpenAI Codex, ChatGPT, and GitHub Copilot. While these tools offer efficiency gains through automation, concerns persist regarding the lack of safeguards, as only 32% of organizations have established procedures to evaluate AI-generated code for potential risks related to licensing, security, and quality.
Additionally, the report highlights the limited adoption of critical security measures like Software Bills of Materials (SBOMs), essential for ensuring supply chain security. Despite the pervasive use of open source software in development processes, with 65% of respondents utilizing it, less than half consider their security measures highly effective in securing open source components within the supply chain.
Synopsys Software Integrity Group’s general manager, Jason Schmitt, emphasizes the need for heightened vigilance in the face of sophisticated attackers exploiting supply chain weaknesses. He stresses the importance of maintaining visibility into applications and continuously evaluating IP, security threats, and code quality to mitigate risks associated with supply chain attacks.
