Gap between managers and developers on security

A new report from JFrog finds significant discrepancies between how executives and developers worldwide perceive their security posture, discrepancies that make it harder to detect and fix vulnerabilities in the software supply chain.

The report from JFrog, a company that operates a software supply chain platform, highlights differences in security perception between executives and development teams that raise the risk of software supply chain attacks worldwide.

Security breaches in the software supply chain are on the rise: the latest IDC survey data cited in the report shows a 241 percent increase in such attacks compared to the previous year. Despite this, only 30 percent of survey respondents said that remediating vulnerabilities in their software supply chain is a major security issue.

JFrog’s report uncovers several discrepancies between security leaders and development teams, including:

  • Detecting malicious open source packages: 92 percent of executives say their companies have tools to detect malicious open source packages, while only 70 percent of developers agree with this statement.
  • Integration of AI/ML tools: Over 90 percent of executives believe they use ML models in their software applications, while only 63 percent of developers confirm this.
  • Use of AI/ML tools for security scanning: 88 percent of executives believe AI/ML tools are used for security scanning and remediation, but only 60 percent of DevSecOps teams say they actually use these tools.
  • Regular code-level security scans: 67 percent of executives believe that code-level security scans are performed regularly, but only 41 percent of developers confirm this.

The study also examines regional differences in security techniques and software supply chain transparency, such as:

  • Awareness of security solutions: 14 percent of respondents in the EMEA region were not aware of tools to identify malicious open source packages, compared to 9 percent in the US and only 1 percent in Asia. The report reads this as a significant gap between security strategy and operational implementation in the EMEA region: a detection tool that leadership has procured is of little use if the people shipping code do not know it exists.
  • Adoption of AI/ML models: Only 82 percent of respondents in the EMEA region said they already use AI/ML models, compared to 91 percent in the US and 99 percent in Asia.

The report’s findings underscore the need for closer collaboration between executives and developers on software supply chain security. Organizations that want to secure their software supply chain first have to close the gap between what leadership believes is in place and what development teams actually run.

Source: www.com-magazin.de