Over the past year, COVID-19 fundamentally transformed how people live and work, how companies interact with customers, how customers shop and buy, and how physical and digital supply chains function. As the economic importance of digital innovation accelerated during the global pandemic, so too did the number of cyber-attacks aimed at exploiting software supply chains.
And yet, much has stayed the same. Top performing companies like Apple, Goldman Sachs, and Amazon — and more recently, Zoom, Peloton, and Wayfair have mastered three key competitive advantages: knowing how to use open source and third-party innovation at scale, integrating security and risk controls into multiple phases of the software supply chain, and releasing higher quality code faster than their competitors.
Here’s what we learned this year:
Open Source Supply, Demand, and Security Vulnerabilities have all Exploded:
- Supply increased 20%. The top four open source ecosystems now contain a combined 37,451,682 different versions of components.
- Demand increased 73%. In 2021 developers around the world will download more than 2.2 trillion open source packages from the top four ecosystems.
- Open Source attacks increased 650%. In 2021 the world witnessed an exponential increase in software supply chain attacks aimed at exploiting weaknesses in upstream open source ecosystems.
- Production apps utilize only 6% of available open source projects. Despite a huge available supply of open source projects, utilization is concentrated in a surprisingly small number of popular projects.
- Popular open source projects are more vulnerable. 29% of popular (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Matt Howard. Read the original post at: https://blog.sonatype.com/2021-state-of-the-software-supply-chain