ActiveState announced the results of its survey, providing insights into the security challenges of the software industry's open source supply chain, which includes the security of open source components, as well as the security and integrity of key software development processes.
The results indicate that software supply chain security is still in its infancy.
Securing the software supply chain encompasses vulnerability remediation and the implementation of controls throughout the software development process.
The survey's results, which were garnered from the responses of more than 1,500 developers, security professionals and open source leaders at organizations of all sizes worldwide, point to the immaturity of supply chain security across the software industry.
Areas of concern include the implicit trust that a worryingly high percentage of organizations place in open source repositories, which offer no guarantees about the security and integrity of the software they provide, and the low levels of build reproducibility, which make it difficult to establish that anything built from source code is secure.
Loreli Cadapan, VP, Product Management, ActiveState, said: "Much more work is required to address the software industry's supply chain security shortcomings. However, integrating multiple point solutions to create an end-to-end secure software supply chain is a non-trivial undertaking. To overcome this challenge, organizations should look for a turnkey, out-of-the-box solution to quickly secure their software supply chain."
News URL: https://www.helpnetsecurity.com/2022/02/18/open-source-supply-chain/