It was recently found that 83% of CIOs believe their organisations to be vulnerable to cyberattacks targeting software supply chains.
Indeed, a study by Venafi showed that moving to the cloud and implementing DevOps processes has led to many vulnerabilities within software supply chains, which are easily exploited by cyber attackers. As a result, CIOs have become increasingly concerned about the serious business disruption, revenue loss, data theft, and customer damage resulting from these attacks.
87% of them believe that software engineers and developers are more focused on getting new products and services to market faster than on security itself. Most CIOs are therefore urged to improve the security of software build and distribution environments, especially as 90% of software applications now use open-source components, and to get a budget dedicated to the security of software development environments.
Hence, it was recommended that they implement more security controls, update their review processes, expand their use of code signing, and look at the provenance of their open-source libraries.