Proliferating software ecosystems result in cybersecurity gaps – but organisations must be sure they’re prioritising the right vulnerabilities.
That’s according to devsecops tool provider JFrog in its Software Supply Chain State of the Union 2024 report.
“With an expanding open-source ecosystem and an ever-growing toolset to pull into your software supply chain, can your devsecops processes keep pace?” the vendor said in its executive brief.
“The complexity of the software supply chain has the potential to expose your organisation to greater risk.”
JFrog said that cybersecurity gaps are emerging across myriad components of the application ecosystems within organisations, from open-source to containerisation, ML/AI and beyond.
“About half of organisations (53%) utilise four to nine programming languages, while a substantial 31% use more than 10 languages,” it said.
Cybersecurity teams can find their resources spread thin in the attempt to keep up with emerging and ever-evolving threats across myriad applications.
In 2023, security researchers globally revealed about 26,000 new common vulnerabilities and exposures (CVEs), representing year-on-year growth, according to JFrog.
Yet not all reported vulnerabilities are worth spending time fixing, the vendor said.
“A security mindset has finally hit the mainstream, but disjointed security approaches are costing development teams about a quarter of working time each month,” the report said.
“Sixty percent of [IT] professionals say their team typically spends four days or more remediating application vulnerabilities in a given month.”
JFrog quoted a Gartner forecast that global end-user spending on security and risk management could rise 14.3% in 2024 to reach $215 billion (£168bn).
JFrog’s software supply chain platform aims at assisting organisations to manage security risk and achieve visibility across myriad applications.
( Photo by Robert Zunikoff on Unsplash )
