
Introducing Our 8th Annual State of the Software Supply Chain Report

The software supply chain has been in the news in every sector this year, including finance, government, and technology. Although most of that attention has been on security concerns, better supply chain management has benefits beyond preventing downtime and data breaches.

The observations presented in our 8th annual State of the Software Supply Chain report dig deeper as we continue our tradition of sharing management insights around the use of open source code in your software development lifecycle. The provided data highlights how better software supply chain management also saves money, improves morale, and accelerates innovation.

Key findings

  • The supply of open source continues to grow at an impressive rate, as do security concerns. There has been a 742% average annual increase in software supply chain attacks over the past 3 years:

Graph showing the intense growth of supply chain attacks since 2019

  • About 6 out of every 7 project vulnerabilities come from a specific type of software dependency known as a “transitive” dependency (a dependency pulled in indirectly by one of your direct dependencies). We look at data-driven selections of the best projects, and even of the best versions of those projects, to depend on.

  • Open source project maintainers are not the primary source of security risk; open source consumers are. Our data show a monthly average of 3.4 billion downloads of vulnerable software for which a fixed version is already available.

  • Survey respondents with more mature software supply chain management were 2.7x more likely to report higher job satisfaction:

Bar graph of job satisfaction and mature management values

  • Development teams can cut expensive and tedious upgrade tasks in half by discerning which dependency to use and when to upgrade it.

Development Perspectives

Sonatype experts and data researchers looked through both public and proprietary data sources to illustrate and address trends in supply chain management. We looked at:

  • Ongoing growth of the software supply chain itself and regulatory responses by governments around the world.

  • Poor security trends, with recommendations for teams and the industry.

  • Improved insights

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Stephen Magill. Read the original post at: https://blog.sonatype.com/8th-annual-state-of-the-software-supply-chain-report
