A significant majority of large enterprises (64 percent) were impacted by a software supply chain attack last year, according to a report from security company Anchore.
The report includes insights gathered from IT, security and DevOps leaders at 425 companies on supply chain attacks, container security, DevOps toolchains and the most popular container platforms. The report shows that containers are becoming a preferred delivery model, with 65% of respondents reporting a significant number of applications running in containers.
While technology-focused industries lead the way in container adoption, traditional industries, such as healthcare and financial services, also report significant container use, the survey says.
Containers make it easy to package software during development, but they commonly bring in multiple open source (OSS) or third-party dependencies as applications move through the DevOps pipeline, creating new software supply chain risks.
In the survey, 38 percent of advanced container users indicated that they see containerized applications as riskier than traditional applications. As a result, technical leaders ranked open source security and gaining a full understanding of the software bill of materials as top challenges.
“This report highlights that 60% of respondents have made securing the software supply chain a top initiative for 2022,” said Dan Nurmi, CTO and Co-Founder of Anchore. “This is critical as software supply chain attacks rise in frequency and intent. It’s an important reminder that now is the time for IT leaders, security executives and members of the C-suite to empower their teams to implement new practices and tools that secure the software supply chain.”
Highlights from the report include:
• 84% of respondents plan to increase container use and 29% will increase container use significantly
• While many orgs are scanning containers, most report challenges in identifying vulnerabilities (86%), too many false positives (77%), and getting developers to spend time remediating issues (77%)
• Top initiatives are increasing container use (63%) and improving supply chain security (60%)