Software supply chain attacks are top of mind, and with good reason. Not only are these attacks extremely high profile, but they can cause lasting damage. Dealing with the SolarWinds attack and the Log4Shell vulnerability still brings up difficult memories long after the initial incidents. To detect these attacks and defend against them, organizations can scan first-party code, third-party components, containers, and the other pipeline tools that manage the code-to-cloud process. Another tactic, recently mandated by the U.S. federal government, is the software bill of materials (SBOM). SBOMs itemize the components embedded within code, allowing users and consumers of these applications and software packages to track their potential exposure to existing and not-yet-discovered vulnerabilities in those components. There are also runtime application security defenses that can detect and block attacks.
Techstrong Research polled our community of DevOps, cloud-native, cybersecurity, and digital transformation readers and viewers to take their pulse on SBOMs. We found that 42% of respondents produce SBOMs for at least 40% of their applications, while only 25% don’t produce SBOMs at all. Almost half (49%) indicated they were analyzing first-party code, third-party dependencies, and infrastructure components.
Techstrong Research brings you this PulseMeter report sponsored by Snyk, supported by our independent research data. Download the full report to learn more.
Visit the Techstrong Research resource center, where you will find our many research, trends, and technical insight reports on DevOps, cloud native, AI, security, data, and more.