We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 - 28. Join AI and data leaders for insightful talks and exciting networking opportunities. Register today!
According to a recent study by Venalfi, more than half of executives (55%) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company. Additionally, 69% say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.
As the one-year anniversary of the infamous SolarWinds cyberattacks approaches, it’s a great time to evaluate the changes that companies have put in place to protect against similar attacks. These attacks shone a light on a new set of weak spots in organizations’ security controls, especially because software developers are primarily focused on speed and innovation, not security. Attackers know this and are actively taking advantage of it. Unfortunately, Venalfi’s study reveals that while executives are concerned about software supply chain attacks and are aware of the urgent need for action, the data indicates they aren’t taking the steps that will drive change.
Today, every business is a software business. If companies don’t work together to make actionable plans to ensure the software that’s used is secure, everyone will remain vulnerable to attacks that target the software supply chain. Even though the risk of supply chain attacks continues to rise, many organizations have not even decided which team is responsible for improving the security of the software supply chain: developers or InfoSec professionals.
Venafi’s survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and uncovered a glaring disconnect between executive concern and executive action.
Read the full report by Venalfi.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.