Facing a growing threat, more than 70% of companies confirm that current application security solutions fail to protect them from software supply chain security risks, according to a recent report.
Global research conducted by Dimensional Research and commissioned by ReversingLabs, revealed evidence that organizations recognize, and have been impacted by, software supply chain security threats. The ReversingLabs Software Supply Chain Risk Survey found that nearly 90% of technology professionals detected significant risks in their software supply chain in the last year. More than 70% said that current application security solutions aren't providing necessary protections.
More than 300 global executives and technology and security professionals at all seniority levels, each directly responsible for software at enterprise companies, were surveyed for the study.
Other key highlights from the survey included:
- Nearly all respondents (98%) recognized that software supply chain issues pose a significant business risk, citing concerns that go beyond vulnerable code: secrets exposure, tampering and certificate misconfigurations. Interestingly, more than half of technology professionals (55%) cited secrets leaked through source code as a serious business risk, followed by malicious code (52%) and suspicious code (46%). Recent public attention on secrets exposure from the CircleCI breach and others has heightened awareness of this emerging issue. Software tampering was cited by 38% of professionals in the study as a serious risk. These sources of risk led to problems for the majority of respondents: almost nine out of 10 companies detected security or other software issues in their software supply chain in the last 12 months.
- 88% of survey respondents recognized that software supply chain security is an enterprise-wide risk, but only six out of 10 felt their software supply chain defenses were up to the task. 80% disclosed that their company is directly focused on improving security for the software supply chain.
- The lack of proper tools may be exacerbating software supply chain risk. Almost three quarters (74%) of professionals surveyed agreed that traditional application security solutions, including software composition analysis (SCA), static application security testing (SAST) and dynamic application security testing (DAST), are ineffective at protecting companies from modern software supply chain threats.