Summary
This document is a report detailing the findings of the Dark Reading 2023 Supply Chain Threat Survey, which surveyed 242 IT and cybersecurity professionals regarding their organizations' supply chain security practices. The report outlines the significant changes organizations have made in response to increasing risks from vulnerable third-party software and open source components, particularly focusing on the rise of malicious packages in public code registries. It presents key statistics, such as the percentage of organizations that maintain a software bill of materials and the concerns regarding vulnerabilities in open source software. The report also highlights the ongoing challenges faced by organizations, with many still exposed to supply chain attacks despite implementing various risk management processes. Notably, it discusses the confidence levels of IT professionals in their ability to defend against supply chain attacks and the varying degrees of security perceived across different organizations. Overall, the report emphasizes the critical need for enhanced security measures in the software supply chain.
