
State of the Software Supply Chain 2021

Now in its seventh edition, Sonatype’s State of the Software Supply Chain 2021 report combines a broad set of public and private data to reveal important findings about open source code and its increasingly important role in digital innovation.


Open source supply is growing exponentially

Today, the four major open source ecosystems contain a total of 37,451,682 components and packages. These same communities collectively released 6,302,733 new component/package versions in the past year and have introduced 723,570 entirely new projects in support of 27 million developers worldwide.

By 2021, developers worldwide will have requested more than 2.2 billion open source packages, a 73% year-over-year growth in open source component downloads. Despite the growing volume of downloads, the percentage of available components actually used in production applications is surprisingly low.


Vulnerabilities are more common in popular projects

The top 10% of the most popular versions of OSS projects have an average probability of 29% of containing known vulnerabilities. In contrast, the remaining 90% of project versions have only a 6.5% chance of containing known vulnerabilities. Taken together, these statistics indicate that the vast majority of security research (whitehat and blackhat) is focused on finding and fixing (or exploiting) vulnerabilities in the most widely used projects.


Attacks on the software supply chain increase by 650%

Members of the global open source community are facing a novel and rapidly expanding threat that has nothing to do with passive adversaries exploiting known vulnerabilities.

From February 2015 to June 2019, 216 attacks on the software supply chain were recorded. Then, from July 2019 to May 2020, the number rose to 929. In the last year, however, these attacks numbered more than 12,000, a 650% increase year over year.
