Security Magazine

Over 50% of enterprises worry about supply chain risks

By Security Staff

July 20, 2022

Amid sharp budget increases, a dramatic rise in executive-level awareness, and growing enterprise demand for more testing, training, and process improvements to better protect digital assets, the majority of C-level executives are taking action to address new threats and vulnerabilities across an expanding attack surface and are committed to managing software supply chain risk along the entire software development lifecycle (SDLC), a Coalfire report reveals.


The Securealities Software Supply Chain Risk report, commissioned by Coalfire and conducted by CyberRisk Alliance, surveyed 300 respondents from both software-buying and software-producing companies with the goal of capturing the impact of highly public cyber events, President Biden’s Executive Order (EO) on cybersecurity, and procurement delays, and of discovering what actions companies are taking to address these mission-critical challenges.


Overall, the report highlights the gravity of software supply chain risk and provides best practices for software buyers and sellers to effectively mitigate threats.


Key findings include:

  • Software supply chain risk is now mainstream. More than half (52%) of respondents are “very” or “extremely” concerned about software supply chain risks.
  • More than 50% of boards of directors at software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.
  • Organizations aren’t standing on the sidelines — they are taking decisive action to combat supply chain vulnerability:
    • Among software buyers, nearly 60% have increased testing on third-party applications, and 50% are purchasing new systems or new tooling.
    • Two-thirds have implemented additional staff training budgets to help manage the deluge of application vulnerabilities.
  • Given the Software Bill of Materials (SBOM) requirements within the President’s EO, 54% of organizations are re-focusing on the SDLC.
  • Corporate leaders are planning to invest heavily in software supply chain risk management, with over one-third likely to allocate at least 10% of their application security budget to supply chain-specific processes.


The security of the software supply chain is a contributing factor in the security of a cloud environment as well. “If you want to secure your cloud environment built using code, you must also secure your software supply chain,” says Sounil Yu, Chief Information Security Officer at JupiterOne. “The challenge with this paradigm shift is that each part (the cloud infrastructure, the software supply chain) and particularly the combination of the two may be unfamiliar territory for traditional security teams, both in the technologies used and the processes that need to be adjusted. This adds to the difficulty of addressing the new threats and vulnerabilities that are prevalent in this new environment.”


Looking at this through the lens of cloud service providers, we need to look at the use case for SBOM information, says Tim Mackey, Principal Security Strategist at the Mountain View-based Synopsys Cybersecurity Research Center. “SBOMs are most useful as part of an overall risk mitigation strategy. This then implies that there are processes in place to measure risk conveyed through an SBOM and then some process to mitigate the identified risk. Since the adoption of cloud services is itself an exercise in transferring operational risk from an internal IT department to that of a cloud provider, the value from an SBOM for the cloud provider’s software is most important to the ITOps teams within the cloud provider. Obviously, some clients will want to know the SBOM for the cloud provider, but requests for information like that contained in an SBOM should first and foremost be associated with a risk strategy,” Mackey explains. “Put another way, if you were to learn via an SBOM that there is a vulnerable, open source component within a cloud provider’s infrastructure, what would your teams do with that information, given they’re unlikely to know what mitigations might be in place?” 
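Mackey’s point is that an SBOM only conveys risk usefully when a process exists to measure that risk and to decide on a mitigation. The following is an added example illustrating such a process; it is not code from the Coalfire report, Synopsys, JupiterOne, or this article. It parses a constructed CycloneDX-style SBOM, matches each component against a constructed vulnerability feed (the advisory identifiers are placeholders, not real CVE numbers), and consults a constructed mitigation register so that every match ends in a documented decision rather than an unanswered finding. The version comparison handles only numeric dotted versions, which is an assumption made for the example.

```python
"""Measure the risk an SBOM conveys and decide what to do with it.

Added example; assumptions: CycloneDX 1.4-style JSON SBOM (constructed),
a vulnerability feed keyed by package URL without version (constructed),
and a mitigation register maintained by the operating team (constructed).
"""
import json
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample SBOM in CycloneDX JSON layout (not any real product's SBOM).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-http", "version": "2.3.1",
         "purl": "pkg:pypi/example-http@2.3.1"},
        {"type": "library", "name": "example-yaml", "version": "5.1",
         "purl": "pkg:pypi/example-yaml@5.1"},
        {"type": "library", "name": "example-crypto", "version": "41.0.2",
         "purl": "pkg:pypi/example-crypto@41.0.2"},
    ],
})

# Constructed vulnerability feed: every version below "fixed_in" is affected.
# Advisory ids are placeholders, not real CVE numbers.
VULN_FEED = {
    "pkg:pypi/example-http": [
        {"id": "ADV-PLACEHOLDER-001", "fixed_in": "2.4.0", "severity": 7.5}],
    "pkg:pypi/example-yaml": [
        {"id": "ADV-PLACEHOLDER-002", "fixed_in": "5.4", "severity": 9.8}],
}

# Constructed mitigation register: advisory id -> compensating control in place.
MITIGATIONS = {
    "ADV-PLACEHOLDER-001": "component only reachable from internal services, not from network input",
}


@dataclass
class Finding:
    component: str   # purl of the affected component
    advisory: str    # advisory identifier from the feed
    severity: float  # CVSS-style base score from the feed
    mitigated: bool  # True when the mitigation register covers the advisory
    action: str      # what the process decides to do


def parse_version(version: str):
    # Numeric dotted versions only; non-numeric parts compare as 0 (assumption).
    return tuple(int(part) if part.isdigit() else 0 for part in version.split("."))


def split_purl(purl: str):
    # "pkg:pypi/name@1.2" -> ("pkg:pypi/name", "1.2")
    base, _, version = purl.partition("@")
    return base, version


def decide(severity: float, mitigation: str) -> str:
    # The decision rule is the part a team has to own; this one is illustrative.
    if mitigation:
        return "accept: " + mitigation
    if severity >= 9.0:
        return "block release until upgraded"
    return "schedule upgrade in next sprint"


def assess_sbom(sbom_json: str, feed: Dict, mitigations: Dict[str, str]) -> List[Finding]:
    """Match each SBOM component against the feed and attach a decision."""
    sbom = json.loads(sbom_json)
    findings: List[Finding] = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # unmatchable component; a real process would flag it separately
        base, version = split_purl(purl)
        for adv in feed.get(base, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                control = mitigations.get(adv["id"], "")
                findings.append(Finding(
                    component=purl, advisory=adv["id"], severity=adv["severity"],
                    mitigated=bool(control), action=decide(adv["severity"], control)))
    # Unmitigated, highest-severity items first so the list reads as a worklist.
    findings.sort(key=lambda f: (f.mitigated, -f.severity))
    return findings


def residual_risk(findings: List[Finding]) -> float:
    """Sum of severities that no documented mitigation covers."""
    return sum(f.severity for f in findings if not f.mitigated)


if __name__ == "__main__":
    results = assess_sbom(SAMPLE_SBOM, VULN_FEED, MITIGATIONS)
    for f in results:
        print(f"{f.component}: {f.advisory} (severity {f.severity}) -> {f.action}")
    print("residual risk:", residual_risk(results))
```

The mitigation register is what answers Mackey’s “what would your teams do with that information?”: a match with a documented control becomes an accepted, tracked risk, while a match without one becomes a concrete action, so the SBOM feeds a decision instead of just a list.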


For the full report, visit www.coalfire.com.

KEYWORDS: cloud, cyber security, risk management, security vulnerabilities, supply chain
