"Software Supply Chain Attacks Hit 61% of Firms"

Security researchers at Capterra have discovered that more than three-fifths (61%) of US businesses have been directly impacted by a software supply chain threat over the past year.

The researchers polled 271 IT and IT security professionals to better understand the risk exposure of US companies to vulnerabilities in third-party software. Half of the respondents rated the software supply chain threat as “high” or “extreme,” with another 41% claiming the risk is moderate.

The researchers pointed to open source software as a key source of supply chain risk. It is now used by 94% of US companies in some form, with over half (57%) using multiple open source platforms.

The researchers claimed that app sprawl is contributing to cyber risk, revealing that retailers that have experienced a cyberattack in the past two years are more than twice as likely to report being impacted by app sprawl as those that did not experience an attack (53% versus 22%).

Alongside reducing app sprawl, the researchers recommended that organizations request a software bill of materials (SBOM) from vendors and open source providers so that they can better track individual components. Yet only half (49%) of respondents are doing so currently.

Infosecurity reports: "Software Supply Chain Attacks Hit 61% of Firms"
