The 2024 State of SSCS
In 2024, the need to secure your software supply chains has become more evident than ever. A recent Software Supply Chain Security (SSCS) report by Checkmarx reveals that 63% of surveyed companies have faced attacks on their software supply chain in the last two years.
One of the most significant findings of the report was the threat associated with open source software. With open source components comprising 56% of applications, the risk of vulnerabilities is significant. Yet, despite 75% of respondents expressing concern about the security of these components, only a fraction have successfully implemented specific SSCS solutions.
To address these challenges, the report recommends several strategies:
🎯 Expand SCA Coverage:
Ensure your Software Composition Analysis (SCA) tool can detect both malicious code and vulnerabilities in the open source components you use.
🎯 Integrate SBOMs into SCA:
Software bill of materials (SBOM) generation should be part of your SCA tool, with proper cataloging and usage protocols.
🎯 Lifecycle Coverage:
Choose platforms that support security across the entire Software Development Lifecycle (SDLC), including container security.
The Checkmarx report reminds us that securing your organization's software supply chains is not just a priority but a necessity.