Software is increasingly composed of open source software (OSS), with the majority of organizations reporting that it makes up more than half of their code. Developers save time when they can use existing third-party code to build and run their applications, but security teams need to understand those software components in order to put processes in place to secure the applications.
Consequently, many organizations are worried about having a high percentage of open source code, and some are specifically concerned about falling victim to hackers who target popular, commonly used OSS. Organizations are challenged by increased vulnerability across the software supply chain and by the need to understand how to effectively mitigate risk in light of recent targeted attacks. Organizations need effective software supply chain security solutions that can support the demands of cloud-native development.
To gain further insight into these trends, TechTarget’s Enterprise Strategy Group surveyed 368 IT, cybersecurity, and application development professionals at organizations in North America (US and Canada) responsible for evaluating, purchasing, and utilizing developer-focused security products.