Study by Checkmarx shows that nearly two-thirds of organizations have experienced a software supply chain attack in the last two years

The State of Software Supply Chain Security: Checkmarx Research Report 2024

In a world where open-source software is becoming a staple in enterprise applications, the risk of falling victim to cyber attacks is a growing concern for AppSec leaders and developers. Checkmarx, a prominent cloud-native application security provider, has recently published its global research report, the 2024 State of Software Supply Chain Security, shedding light on the current practices and challenges in the industry.

The study, which included 900 AppSec professionals from large enterprises across the United States, Europe, and Asia-Pacific, revealed alarming statistics. One of the key findings was that all of the participating organizations had experienced a software supply chain attack at some point in time. This highlights the urgent need for bolstering cybersecurity measures in the face of mounting threats.

Amit Daniel, Chief Marketing Officer at Checkmarx, emphasized the importance of enhancing awareness and protection against these attacks. He noted, “Malicious is much more than vulnerable. We have seen more attacks on the open-source ecosystem in the last two years than ever before.” With over 385,000 malicious packages detected by Checkmarx’s security research team, the need for secure software supply chains has never been more critical.

Despite the growing concerns surrounding software supply chain security, the study found that progress in this area has been slow. While more than half of the respondents expressed worry about the issue, fewer than half knew how to effectively leverage software bills of materials (SBOMs) from vendors.

As the threat landscape continues to evolve, it is imperative for organizations to prioritize software supply chain security and equip developers with the tools and knowledge needed to combat cyber threats effectively. Checkmarx’s efforts to provide innovative solutions, such as those offered in Checkmarx One, are crucial in safeguarding enterprise applications against malicious attacks.
