This side of the new year, everyone is reevaluating their technology stack. Rightfully so, since there is still a lot to learn from the software supply chain security incidents of SolarWinds and Log4j. 2023 will see more companies taking stock of their entire software catalog, including which third parties and open source providers they are working with – to assess the potential risks associated with each aspect – in an effort to get ahead of these potential damages and build customer trust.
This year we will see CISOs making software supply chain security a top priority: Gartner has already predicted that by 2025, 45% of organizations worldwide will experience attacks on their software supply chains, a three-fold increase from 2021.
So the question still remains, “Do you know what’s in your software?”
Here are several comments from tech executives in the software supply chain security space that look ahead to what 2023 may have in store.
Javed Hasan, CEO and Co-founder, Lineaje
“In 2023, companies will realize that software that is not built securely cannot run securely. With more than 70% of modern software dependent on open source and third-party components, software developers cannot deliver secure software to customers without formal software supply chain management. This realization, and the increasing tampering with popular open source and commercial software packages, will drive an intense focus on ‘what’s in the software?’ and ‘how good is it?’
Software producers that focus on their software supply chain will deliver definitively better software, driving better business results and making innovative CPOs focus on their software supply chain.
CIOs & CISOs will realize that software producers with secure software supply chains deliver software that reduces risk, requires less emergency patching for vulnerabilities and is less likely to compromise their own companies. Evaluating the SBOMs of all software they procure will become a risk management and operational efficiency imperative.”
Prashant Khandelwal, VP Product, Partner and GTM Success, Lineaje
“I expect 2023 to be the year of education and awareness on what securing a software supply chain truly entails. Most people today only have a high-level view, or simply regurgitate what they’ve heard or read publicly, but they generally don’t have the depth of knowledge to determine its significance or impact. I believe the industry will go through a phase of discovery and ‘enlightenment’ this year, which will hopefully result in a level of maturity as vendors evolve and adapt to secure their software supply chain.
Another trend in 2023 relates to how companies will comply with the DoD on “Improving the Nation’s Cybersecurity” and in particular “Enhancing the Security of the Software Supply Chain.” I expect the September 2023 deadline to be a wake-up call to software vendors affected by the guidance issued by the OMB to all federal agencies. Vendors will not only have to scramble to ensure their software is compliant with NIST guidelines, but will also need to provide self-attestation that is reliable and can be independently verified.”
Monish Advani, Head of Product, Lineaje
“2023 will be the year organizations take proactive steps to prevent reputational and financial damages caused by software supply chain security incidents. 2022 kicked off with talk of the Apache Log4J vulnerability, a widespread software supply chain weakness that allowed attackers to log a special string of code, exploit their target and install malware or conduct various cyberattacks from there. Its prominence shed light on the risk of utilizing third-party, open source software – and how few organizations have a proper inventory of what is actually in their software.
Throughout the year, the likes of Okta, Uber, Magento and more experienced supply chain incidents as well, showing that even the biggest names with the most sophisticated IT and security departments can fall victim. Unfortunately, these incidents come with a cost.
According to IBM, the average cost of a breach increased from $4.24 million in 2021 to $4.35 million in 2022. Breaches also can affect customers’ and prospects’ perception of a brand and their overall loyalty. This year, we expect to see more companies taking stock of their entire software catalog, including which third parties and open source providers they are working with – and the potential risks associated with each aspect – in an effort to get ahead of these potential damages and build customer trust.”