
Why open source software supply chain management is worse than you think
2021-09-15 13:00

The seventh annual State of the Software Supply Chain Report from Sonatype found that developers believe their software supply chain management practices are in much better shape than conditions on the ground indicate.

The analysis found that the majority of respondents use an ad hoc approach to software supply chain management for most parts of the process, except for remediation and inventory.

Matt Howard, EVP of Sonatype, said in a press release that the report reinforced the fact that open source is both critical fuel for digital innovation and a ripe target for software supply chain attacks.

To minimize the risk associated with vulnerabilities in third-party open source libraries, Sonatype analysts recommend that software development teams adopt defined criteria for selecting open source projects and favour projects with a low Mean Time To Update (MTTU), the report's measure of how quickly a project moves to new releases of its own dependencies.
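The snippet below is an added illustration of how a team could compute an MTTU-style metric for a candidate project and apply it as a selection criterion; it is not code from Sonatype or from the article, and the exact formulation (days from each upstream release until the project first depends on that version or a newer one, with releases it never caught up with counted up to an "as of" date) is an assumption made here, not the report's published methodology. The dependency names, versions and dates are constructed sample data.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Parse a dotted numeric version ("1.2.10") into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Release:
    version: Version
    released: date      # date the upstream project published this version


@dataclass(frozen=True)
class Adoption:
    version: Version
    adopted: date       # date the consumer's manifest first pointed at this version


def update_lags(upstream: List[Release], consumer: List[Adoption],
                as_of: Optional[date] = None) -> List[int]:
    """Days from each upstream release until the consumer depends on it or a newer version.

    Assumed formulation (not quoted from the report): if the consumer already
    depends on an equal or newer version on the release date, the lag is 0;
    otherwise it is the wait until the first adoption of an equal or newer
    version. Releases the consumer never caught up with count up to `as_of`
    when given (penalising stale projects) and are skipped otherwise.
    """
    adoptions = sorted(consumer, key=lambda a: a.adopted)
    lags: List[int] = []
    for rel in upstream:
        # Version the consumer was on when this release appeared, if any.
        current = max((a for a in adoptions if a.adopted <= rel.released),
                      key=lambda a: a.adopted, default=None)
        if current is not None and current.version >= rel.version:
            lags.append(0)
            continue
        later = next((a for a in adoptions
                      if a.adopted > rel.released and a.version >= rel.version), None)
        if later is not None:
            lags.append((later.adopted - rel.released).days)
        elif as_of is not None and as_of >= rel.released:
            lags.append((as_of - rel.released).days)
    return lags


def mean_time_to_update(lags_by_dependency: Dict[str, List[int]]) -> Optional[float]:
    """Mean of all per-release lags across dependencies; None if there is nothing to measure."""
    lags = [lag for lags in lags_by_dependency.values() for lag in lags]
    return mean(lags) if lags else None


def project_mttu(upstream: Dict[str, List[Release]], consumer: Dict[str, List[Adoption]],
                 as_of: Optional[date] = None) -> Optional[float]:
    lags = {name: update_lags(rels, consumer.get(name, []), as_of)
            for name, rels in upstream.items()}
    return mean_time_to_update(lags)


def passes_mttu_criterion(mttu_days: Optional[float], max_days: float) -> bool:
    """Selection rule: a project with no measurable MTTU does not pass."""
    return mttu_days is not None and mttu_days <= max_days


# Constructed sample data (hypothetical dependencies "libfoo" and "libbar").
UPSTREAM: Dict[str, List[Release]] = {
    "libfoo": [Release(parse_version("1.0.0"), date(2021, 1, 1)),
               Release(parse_version("1.1.0"), date(2021, 2, 1)),
               Release(parse_version("1.2.0"), date(2021, 3, 1)),
               Release(parse_version("1.3.0"), date(2021, 5, 1))],
    "libbar": [Release(parse_version("2.0.0"), date(2021, 4, 1))],
}
CONSUMER: Dict[str, List[Adoption]] = {
    "libfoo": [Adoption(parse_version("1.0.0"), date(2021, 1, 11)),
               Adoption(parse_version("1.2.0"), date(2021, 3, 21))],   # skipped 1.1.0
    "libbar": [Adoption(parse_version("2.0.0"), date(2021, 4, 1))],    # same-day update
}
AS_OF = date(2021, 9, 15)

if __name__ == "__main__":
    for label, as_of in (("caught-up releases only", None), ("counting stale releases", AS_OF)):
        mttu = project_mttu(UPSTREAM, CONSUMER, as_of)
        print(f"MTTU ({label}): {mttu} days, passes 30-day rule: {passes_mttu_criterion(mttu, 30)}")
```

Note that skipping an intermediate release (1.1.0 above) still incurs a lag, measured to the adoption of 1.2.0, and that the never-adopted 1.3.0 only affects the metric when an "as of" date is supplied; whether to count such stale releases is a policy choice the team should fix in its selection criteria rather than leave implicit.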

Sonatype's 2021 State of the Software Supply Chain Report combined public and proprietary data to identify trends in modern software development.

Researchers also surveyed 702 software engineers to measure the state of software supply chain management with open source software.


News URL

https://www.techrepublic.com/article/why-open-source-software-supply-chain-management-is-worse-than-you-think/#ftag=RSS56d97e7