Security News > 2021 > September > Execs concerned about software supply chain security, but not taking action

Venafi announced survey results highlighting the challenges of improving software supply chain security.

While 94% of executives believe there should be clear consequences for software vendors that fail to protect the integrity of their software build pipelines, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.

Executives are clearly much more concerned about their vulnerability to software supply chain attacks and aware of the urgent need for action.

97% of executives believe that software providers need to improve the security of their software build and code signing processes.

Disconnect between concern about supply chain attacks and improving security 55% of executives report that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company.

"Executives are right to be concerned about the impact of supply chain attacks. These attacks present serious risks to every organization that uses commercial software and are extremely difficult to defend against. To address this systemic problem, the entire technology industry needs to change the way we build and buy software."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/D5HtJ_zPkrA/