According to a recent study by Venafi, more than half of executives (55%) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company. Additionally, 69% say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.
As the one-year anniversary of the infamous SolarWinds cyberattacks approaches, it’s a great time to evaluate the changes that companies have put in place to protect against similar attacks. These attacks shone a light on a new set of weak spots in organizations’ security controls, especially because software developers are primarily focused on speed and innovation, not security. Attackers know this and are actively taking advantage of it. Unfortunately, Venafi’s study reveals that while executives are concerned about software supply chain attacks and are aware of the urgent need for action, they aren’t taking the steps that will drive change.
Today, every business is a software business. If companies don’t work together to make actionable plans to ensure the software that’s used is secure, everyone will remain vulnerable to attacks that target the software supply chain. Even though the risk of supply chain attacks continues to rise, many organizations have not even decided which team is responsible for improving the security of the software supply chain: developers or InfoSec professionals.
Venafi’s survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and uncovered a glaring disconnect between executive concern and executive action.
Read the full report by Venafi.