The government is addressing software supply chain security with new requirements. The OMB has issued a new memorandum that sets a year-long framework for vendors to provide assurances of secure software development.
A Synopsys/ESG study found that 73% of organizations intensified their software supply chain security efforts to address the risks posed by open source code, which 80% of the companies surveyed use.
The software supply chain attack surface is far more complex now and can be compromised at every stage. Developers are the new high-value targets: we have seen developers fall victim to stolen credentials and secrets, compromised workstations, CI/CD attacks, and malicious packages that end up in source code.
With software bill of materials (SBOM) mandates about to go into effect, IT and security teams will increasingly look for solutions that assess and mitigate software supply chain risks across all software, both built and bought, in order to comply with U.S. Executive Order 14028.