Securing Software Ecosystems

by Carolyn Mathas

A recent report from JFrog, the “Software Supply Chain State of the Union 2024,” highlights the growing challenges and risks organizations face in securing their software ecosystems. According to the report, most organizations today work in many programming languages at once: 53% use between four and nine languages, and 31% use more than ten.

This complexity is one reason so many teams rely on publicly available open-source packages and libraries when building applications. “Docker and npm were the most-contributed to package types. PyPI contribution also increased, likely driven by AI/ML use cases,” according to the report. The problem is that pulling in open-source code also introduces substantial risk.

In 2023, more than 26,000 new CVEs (Common Vulnerabilities and Exposures) were published, continuing the year-over-year growth in reported vulnerabilities. The most common vulnerability classes in 2023 were Cross-Site Scripting, SQL Injection, and Out-of-bounds Write. Cross-Site Request Forgery also became more prevalent.

The report also highlights the hidden risks in supply chains: human error and exposed secrets.

Despite growing awareness, organizations still struggle to put security measures in place that reduce supply chain risk. AI and machine learning bring new challenges, and many organizations have disallowed the use of AI and ML tools for code generation because of the security risks involved.

Businesses should prioritize security in 2024 as risk continues to increase.
