Presidential Executive Order, Growing M&A, and Increase in Code Complexity Drive Adoption of Software Bill of Materials (SBOMs)
Revenera, producer of leading solutions that help technology companies build better products, accelerate time to value and monetize what matters, today released the Revenera 2022 State of the Software Supply Chain Report, including research and six steps to better secure the software supply chain. This report helps security, software development, and legal experts benchmark their own efforts against market trends.
The Revenera report analyzes data from more than 100 open source audit projects conducted in 2021, identifying trends related to companies’ use of open source software (OSS) and their awareness of the associated license compliance and security risks. This global, cross-industry study evaluated more than 2.6 billion lines of code and found that companies are only aware of 17 percent of the open source components they use, a 4 percent increase in the past year.
Read More: SalesTechStar Interview with Brad Copeland, Vice President of Sales at Productsup
Given that open source use is on the rise, along with the imposed operational risks and growing need for transparency and an SBOM, adoption of Software Composition Analysis (SCA) tools is expected to steadily go up. SCA identifies open source components and provides warnings regarding license terms and security vulnerability exposures—helping organizations to shore up potential blind spots in their software supply chain.
“Companies have realized they need to secure the software supply chain, which is under attack—as evidenced through vulnerabilities such as Log4Shell. All indications say bad actors are going to step up their exploits in the coming year,” said Alex Rybak, Director, Product Management, Revenera. “The use of third-party content and open source software will continue to increase. Organizations that invest in company-wide policies, continuous assessment, Software Composition Analysis solutions, and corporate compliance programs are best able to quickly respond to risks and customer requests.”