Software supply chain attacks grew by more than 300% in 2021, according to a study from Argon Security, recently acquired by Aqua Security.
The report found that the level of security across software development environments remains low: every company evaluated had vulnerabilities and misconfigurations that could expose it to supply chain attacks. The study identified three major areas of risk that companies should understand and address to improve software supply chain security.
Vulnerable package usage is one of the fastest-growing methods of carrying out a software supply chain attack. Two common attacks that leverage vulnerable packages are: 1) exploiting existing vulnerabilities in packages to gain access to the application and execute the attack, and 2) planting malicious code in popular open source packages and in private packages to trick developers or automated pipeline tools into incorporating it into the application build.
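To make the first of these concrete, here is an added example (not code from the report or from Argon or Aqua) of the check a team would run before a build: it parses a constructed requirements.txt, flags dependencies that are not pinned to an exact version or that carry no integrity hash, and compares pinned versions against a constructed, purely illustrative advisory list. The package names, versions and advisory identifiers are assumptions made up for this example and do not refer to real projects or real advisories.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample requirements file for this example; the package names
# are made up and do not refer to real projects.
SAMPLE_REQUIREMENTS = """\
# application dependencies
widgetlib==2.25.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
parsekit==5.3
netutil>=1.0
logfmt
"""

# Constructed advisory list: package -> (first fixed version, illustrative id).
# Assumption for the example only; these are not real advisories.
ADVISORIES: Dict[str, Tuple[str, str]] = {
    "widgetlib": ("2.31.0", "EXAMPLE-ADV-001"),
    "parsekit": ("5.4", "EXAMPLE-ADV-002"),
}

# Package name, optional operator, optional version; the rest of the line
# (extras, hash options) is inspected separately.
REQ_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(==|~=|>=|<=|!=|>|<)?\s*([0-9][0-9A-Za-z.\-]*)?")


def parse_version(v: str) -> Tuple[int, ...]:
    """Compare dotted versions by their numeric components (sufficient for release tags)."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def audit_requirements(text: str) -> List[Tuple[str, str]]:
    """Return (package, finding) pairs for requirements that weaken supply chain control."""
    findings: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = REQ_RE.match(line)
        if not m:
            findings.append((line, "unparseable requirement"))
            continue
        name, op, version = m.group(1).lower(), m.group(2), m.group(3)
        if op != "==" or version is None:
            # A range or bare name lets the resolver pick whatever is newest,
            # including a later malicious release; there is no fixed version to compare.
            findings.append((name, "not pinned to an exact version"))
            continue
        if "--hash=" not in line:
            # A pin without a hash still trusts the index to serve the right bytes.
            findings.append((name, "pinned but no --hash; artifact integrity not verified"))
        adv = ADVISORIES.get(name)
        if adv and parse_version(version) < parse_version(adv[0]):
            findings.append((name, f"version {version} below first fixed {adv[0]} ({adv[1]})"))
    return findings


if __name__ == "__main__":
    for package, finding in audit_requirements(SAMPLE_REQUIREMENTS):
        print(f"{package}: {finding}")
```

Run against the constructed file, the audit reports five findings: one outdated pin, one pin with no hash that is also outdated, and two dependencies left unpinned. In a real pipeline the advisory table would come from a vulnerability database and the check would run before any install step, so that both attack paths described above are caught before the build touches the package.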

Additionally, a compromised CI/CD pipeline can expose an application's source code. This type of breach is difficult to identify and can cause significant damage if left undetected. Attackers can take advantage of privileged access, misconfigurations, and vulnerabilities in the CI/CD pipeline infrastructure, which in turn provides access to critical IT infrastructure, development processes, source code, and applications. This allows attackers to change code or inject malicious code during the build process and tamper with the resulting applications.
Finally, code and artifact integrity was another of the main risk areas identified. Uploading bad code to source code repositories directly affects artifact quality and security posture. Common issues found in most customer environments were sensitive data in code, code quality and security issues, infrastructure-as-code issues, and container image vulnerabilities and misconfigurations. Many of the issues discovered required dedicated, time-intensive cleanup projects to reduce exposure.
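As an added example of the "sensitive data in code" class of finding (not code from the report or from Argon or Aqua), the scanner below runs over a constructed source snippet and reports hard-coded credentials three ways: by credential shape (the public AWS access key ID prefix and the PEM private-key header), by a credential-like variable name assigned a quoted literal, and by the Shannon entropy of long quoted strings. The entropy heuristic is a common secret-scanning technique brought in here, not something the report describes; the sample lines, the name list and the threshold are assumptions for the example.

```python
import math
import re
from typing import List, Tuple

# Constructed source snippet for this example. Every value below is fake;
# the AWS key is a placeholder matching only the public key-ID format.
SAMPLE_SOURCE = """\
import os
DB_PASSWORD = os.environ["DB_PASSWORD"]
API_KEY = "changeme-please-rotate"
aws_key = "AKIAABCDEFGHIJKLMNOP"
SIGNING_SALT = "0123456789abcdefghijklmnopqrstuv"
placeholder = "aaaaaaaaaaaaaaaaaaaaaaaa"
-----BEGIN RSA PRIVATE KEY-----
"""

# Shape-based patterns: these fire regardless of variable name.
PATTERNS = [
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----")),
    # Name-based: a credential-like identifier assigned a quoted literal of 8+ chars.
    # A value read from the environment (no quote after '=') does not match.
    ("assignment_secret",
     re.compile(r"(?i)(?:password|passwd|secret|api[_-]?key|token)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]

# Long quoted strings, candidates for the entropy check.
QUOTED = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{20,})['\"]")


def shannon_entropy(s: str) -> float:
    """Bits per character; random keys and tokens score high, repeated filler scores low."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text: str, entropy_threshold: float = 4.5) -> List[Tuple[int, str, str]]:
    """Return (line number, finding kind, stripped line) for each suspect line."""
    findings: List[Tuple[int, str, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        matched = False
        for label, pattern in PATTERNS:
            if pattern.search(line):
                findings.append((lineno, label, line.strip()))
                matched = True
        if matched:
            continue  # already reported; skip the weaker entropy heuristic
        for m in QUOTED.finditer(line):
            if shannon_entropy(m.group(1)) >= entropy_threshold:
                findings.append((lineno, "high_entropy_string", line.strip()))
                break
    return findings


if __name__ == "__main__":
    for lineno, kind, content in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {content}")
```

On the constructed snippet the scanner flags lines 3, 4, 5 and 7 and leaves alone the value read from the environment and the low-entropy placeholder. The order of checks matters: shape and name patterns are cheap and precise, so they run first, and the entropy heuristic only catches what they miss, which keeps the false-positive rate low enough for a pre-commit hook or a pipeline gate. Anything it does find still needs rotation of the exposed credential, not just removal from the file, because the value remains in repository history.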
The findings were based on a six-month analysis of customer security assessments conducted by Argon's researchers to determine the state of enterprise security and readiness to defend against software supply chain attacks.
Read the full report by Argon Security and Aqua Security.