According to a recent study by Venalfi, more than half of executives (55 per cent) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company.
Additionally, 69 per cent say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.
As the one-year anniversary of the infamous SolarWinds cyberattacks approaches, it’s a great time to evaluate the changes that companies have put in place to protect against similar attacks. These attacks shone a light on a new set of weak spots in organisations’ security controls, especially because software developers are primarily focused on speed and innovation, not security.
Also Read: Adding AI to Supply ChAIn
Attackers know this and are actively taking advantage of it. Unfortunately, Venalfi’s study reveals that while executives are concerned about software supply chain attacks and are aware of the urgent need for action, the data indicates they aren’t taking the steps that will drive change.
Today, every business is a software business. If companies don’t work together to make actionable plans to ensure the software that’s used is secure, everyone will remain vulnerable to attacks that target the software supply chain. Even though the risk of supply chain attacks continues to rise, many organizations have not even decided which team is responsible for improving the security of the software supply chain: developers or InfoSec professionals.
Venafi’s survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and uncovered a glaring disconnect between executive concern and executive action.
Read the full report by Venalfi.
