Ninety-five percent of organizations are now using AI tools for software development. However, a significant security gap raises alarms: Only 24% conduct comprehensive IP, license, security, and quality evaluations of the AI-generated code.

This oversight, highlighted in our new report, "Navigating Software Supply Chain Risk in a Rapid Release World," can expose organizations' software supply chains to serious risks.

The report, based on research conducted by UserEvidence, compiles insights from 540 software security leaders and practitioners. It emphasizes that a resilient software supply chain extends beyond maintaining compliance. Organizations also need to proactively address vulnerabilities to minimize downtime, prevent data breaches, improve productivity, and increase development velocity.

Key findings from the report

AI adoption outpaces security

Most organizations are embracing AI in development, yet robust security protocols for AI-generated code are largely absent. This can open the door to new attack vectors. While 76% of respondents check AI code for security risks, only about half evaluate it for quality issues (56%) or IP and license risks (54%). This means a mere 24% perform comprehensive IP, license, security, and quality evaluations for AI-generated code.

Dependency management is key to preparedness

Organizations that are highly effective at tracking and managing open source dependencies are significantly more likely to report being prepared to secure open source software (85%) than the overall respondent pool (57%).

Automation drives faster remediation

Of the 294 respondents that perform automatic continuous monitoring, 60% report remediating critical software vulnerabilities within a day. In contrast, only 45% of the full respondent pool remediate critical software vulnerabilities within the same timeframe. This clearly shows that organizations without automatic continuous monitoring are at a significant disadvantage in protecting their software supply chain.

SBOM validation enhances third-party software security

Validating Software Bills of Materials (SBOMs) from external suppliers dramatically improves an organization's ability to evaluate third-party software and respond to critical vulnerabilities. Among the 275 respondents that prioritize SBOM validation, 63% report being highly prepared to evaluate third-party software. Furthermore, 59% of this group typically respond to critical software vulnerabilities within one day.

Compliance controls boost efficiency

Organizations with more compliance controls in place demonstrate greater efficiency in remediating critical software vulnerabilities. For instance, among the 272 respondents using at least three compliance controls, 49% remediate critical vulnerabilities within a day. This percentage rises to 54% for the 126 respondents utilizing at least four compliance controls.

To understand these challenges and explore effective strategies for securing your software supply chain, download the full report.
