Global Checkmarx Study Reveals 63% of Participating Organizations Have Fallen Victim to a Software Supply Chain Attack in Past Two Years

50% of enterprise application security leaders in the US, Europe and Asia-Pacific are actively seeking software bills of materials (SBOMs) from vendors, but fewer than half know how to effectively leverage them

As open source software grows to represent an ever-increasing percentage of enterprise application code, application security (AppSec) leaders and developers are challenged to mitigate the risk of falling victim to the weaponization of such packages by threat actors. Reporting on current open source AppSec practices and problems, Checkmarx, the industry leader in cloud-native application security for the enterprise, has released its global research report, the 2024 State of Software Supply Chain Security. Notably, the study found that 100% of the large enterprises represented by 900 AppSec professionals responding from the United States, Europe and Asia-Pacific have been the victims of a software supply chain attack at some point.

“Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed”

“Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed,” said Amit Daniel, Chief Marketing Officer at Checkmarx. “It’s critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain. ‘Malicious’ is much more than vulnerable. We have seen more attacks on the open source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team. That’s why Checkmarx offers capabilities in Checkmarx One to allow developers to seamlessly add protection against such attacks.”

Read More: Epicor Acquires Leading PIM and Digital Lead Generation Provider KYKLO for the Supply Chain Industries

The study revealed that:

  • 56% of respondents’ organizational applications comprise open source code packages
  • 75% of respondents said they were either very concerned (39%) or concerned (36%) about software supply chain security
  • While 100% of organizations have experienced a software supply chain attack at some time in the past:
    • 18% of respondents have been the victims of a software supply chain attack within the past year
    • 63% had been the victims of such an attack within the past two years

Read More: SalesTechStar Interview with Kristy Schafer, Vice President of US Sales at Optable

While enterprise AppSec leaders surveyed are prioritizing software supply chain security, progress is slow:

  • 57% said that software supply chain security was a top or significant area of focus
  • 54% are planning to use or are investigating the use of a solution
  • 50% are actively requesting software bills of materials (SBOMs) from their vendors
  • Less than half of those seeking vendor SBOMs knew how to leverage them effectively if needed

Write in to psen@itechseries.com to learn more about our exclusive editorial packages and programs.

Amit DanielCheckmarxCheckmarx security research teamChief Marketing Officer at Checkmarxcloud-native application securitycybersecuritydevelopersenterprise application codeNewssecurity leaders