Software supply chain security was analyzed in a recent report by Chainguard. The report found that 70% of developers and 52% of chief information security officers (CISOs) view software supply chain security as a top priority in their roles.
According to the report, 72% of software developers say they are very security-conscious in their roles while 50% of CISOs rate software developers as very security-conscious. Forty-three percent of developers believe that CISOs are "very familiar" with how container images fit into their work, which is low when compared to other aspects of how developers perceive their security team to understand their work: open-source software libraries and projects (61%), source code repositories and source code management systems (60%) and software build tools (59%).
The report found that 92% of developers say software supply chain security is at least very important to their day-to-day work and development processes, with 39% marking it as absolutely essential. Ninety-three percent of CISOs noted effective software security as a critical component of their organizational maturity and threat/risk mitigation strategy, and 96% say effective software security practices are important to meeting government or regulatory requirements.
Thirty-six percent of CISOs and 34% of developers report that an overwhelming number of scanner false positive vulnerability alerts are among the biggest obstacles an organization faces in ensuring software supply chain security. Both groups also cite consumption of vulnerable software and a lack of cohesion between CISOs and developers as main obstacles to software supply chain security.
Read the full report here.