A significant majority large enterprises (64 percent) has been impacted by a software supply chain attack last year, according to a report from security company Anchore.
The report includes insights gathered from IT, security and DevOps leaders at 425 companies on supply chain attacks, container security, DevOps toolchains and the most popular container platforms. The report shows that containers are becoming a preferred delivery model, with 65% of respondents reporting a significant number of applications running in containers.
While technology-focused industries lead the way in container adoption, traditional industries, such as healthcare and financial services, also report significant container use, the survey says.
Containers make it easy to package software during development, but they commonly bring in multiple open source (OSS) or third-party dependencies as applications move through the DevOps pipeline, creating new software supply chain risks.
With more than 18,000 organizations affected just by the SolarWinds
attack, a significant majority (64%) of respondents have been impacted by a software supply chain attack within the last 12 months. More than a third report that the impact on their organizations
was moderate or significant.
In the survey, 38 percent of advanced container users indicated that they see containerized applications as more risky than traditional applications. As a result, technical leaders ranked open source security and gaining a full understanding of the software bill-of-materials as top challenges.
Against a backdrop of recent high-profile software supply
chain attacks, 46 percent of respondents indicated that they
have a significant focus on securing the software supply
chain while an additional 14 percent have prioritized it as a
top focus.
“This report highlights that 60% of respondents have made securing the software supply chain a top initiative for 2022,” said Dan Nurmi, CTO and Co-Founder of Anchore. “This is critical as software supply chain attacks rise in frequency and intent. It’s an important reminder that now is the time for IT leaders, security executives and members of the C-suite to empower their teams to implement new practices and tools that secure the software supply chain.”
Highlights from the report include:
• 84% of respondents plan to increase container use and 29% will increase container use significantly
• While many orgs are scanning containers, most report challenges in identifying vulnerabilities (86%), too many false positives (77%), and getting developers to spend time remediating issues (77%)
• Top initiatives are increasing container use (63%) and improving supply chain security (60%)