Software Supply Chain Security: A Disconnect Between Leaders and Developers
The Growing Concern of Software Supply Chain Attacks
While software supply chain attacks continue to rise, there appears to be a disconnect among leaders on the importance of securing these supply chains. According to research from IDC, there has been a 241% increase year-over-year in supply chain attacks. However, a new survey from JFrog reveals that only 30% of respondents cite supply chain security as a top security concern.
Disconnects in Perceptions
The report highlights disconnects between how leaders perceive the security of their organization and how the frontline software teams managing it perceive it. Ninety-two percent of executives believe their companies have tools to detect malicious open-source packages, compared to only 70% of developers. Similarly, 67% of executives think that code-level security scans are being conducted regularly, while only 41% of developers confirm that they do this.
AI/ML Disconnect
There is also a disconnect when it comes to AI/ML. Over 90% of executives said that their development teams were using ML models in their applications, but only 63% of developers say that’s true. Additionally, 88% of executives think that AI tools are being used for security scanning, but only 60% of DevSecOps teams say they are actually using AI-powered security tools.
The Urgency for Change
"The complexity of today’s software supply chain poses unprecedented risks. Despite leadership efforts to enable frontline teams with the right equipment, developers are struggling to improve efficiency and accelerate productivity due to tool sprawl, lengthy open source and ML model approvals, plus audit and compliance checks," said Moran Ashkenazi, SVP & CISO, JFrog. "This discrepancy highlights the urgency for organizations to rethink their security strategies, focus more on AI/ML components, and align executives and doers on a mission to fortify their software supply chains."
Conclusion
The findings of this report highlight the need for organizations to prioritize software supply chain security and address the disconnect between leaders and developers. By focusing on AI/ML components and aligning executives and doers, organizations can improve their security strategies and reduce the risk of supply chain attacks.
FAQs
Q: What is the main concern in software supply chain security?
A: The main concern is the disconnect between leaders and developers on the importance of securing software supply chains.
Q: What is the increase in supply chain attacks year-over-year?
A: According to IDC research, there has been a 241% increase year-over-year in supply chain attacks.
Q: What percentage of executives believe their companies have tools to detect malicious open-source packages?
A: Ninety-two percent of executives believe their companies have tools to detect malicious open-source packages.
Q: What percentage of developers confirm that code-level security scans are being regularly conducted?
A: Only 41% of developers confirm that code-level security scans are being regularly conducted.
Q: What percentage of executives think that AI tools are being used for security scanning?
A: Eighty-eight percent of executives think that AI tools are being used for security scanning.
Q: What percentage of DevSecOps teams say they are actually using AI-powered security tools?
A: Only 60% of DevSecOps teams say they are actually using AI-powered security tools.