Chainguard, a software supply chain security company, recently released the 2023 CISO & Developer Trends in Software Supply Chain Security Report, its inaugural report on the perspectives of chief information security officers (CISOs) and developers on software supply chain security within their organizations.
The Harris Poll, on behalf of Chainguard, surveyed 520 security decision-makers and developers on their responsibilities and expectations for software supply chain security, its importance, and its challenges and successes.
“Finding alignment between developers and security leaders on software supply chain security is a difficult challenge for even the most well-resourced and staffed organizations,” Kim Lewandowski, Chainguard co-founder and chief product officer, said. “The findings in the report reflect the tension in the security landscape, as organizations are re-thinking how to maintain developer velocity and the advantages of open source technology, while closing the gap on a new class of vulnerabilities that software supply chains have accrued.”
Key findings include:
Half of CISOs are very security-conscious compared to 72 percent of software developers.
The biggest obstacle organizations face in ensuring software supply chain security is scanner false-positive vulnerability alerts.
Ninety-two percent of developers said software supply chain security is at least very important to their day-to-day work.