<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1076912843267184&amp;ev=PageView&amp;noscript=1">

Our Key Takeaways From The Gartner® Software Supply Chain Report


Gartner reports, “Software supply chain attacks have seen triple-digit increases, but few organizations have taken steps to evaluate the risks of these complex attacks.”

Software supply chains are an exploding target for cyberattacks, but software represents the largest under-addressed attack surface impacting enterprises of all sizes. And the reality is while many software security solutions are hyper-focused on open-source threats, enterprises run on large, complex packages and commercial software.

The level of sophistication and capabilities for damage seen during the attacks on 3CX, CircleCI, SolarWinds, and others has evolved to a point where organizations should examine their ability to detect these active threats. And according to a ReversingLabs 2023 survey, 90% of companies have experienced a security issue with their supply chain.

There is a lack of transparency and trust impacting both software producers and consumers, and it all points to the software supply chain. It is clear classic SDLC and TPRM tools do not provide the in-depth detection capabilities necessary to address modern software supply chain attacks.

Watch as Richard Melick and Saša Zdjelar dig into our key takeaways of the latest report from Gartner, Mitigate Enterprise Software Supply Chain Security Risks.

Insights and takeaways include: 

Why Software Supply Chain attacks are real and increasing

The limitations of traditional AppSec and TPRM tools

The critical need for new software supply chain security strategies 

The importance of the final software build analysis


Gartner, “Mitigate Enterprise Software Supply Chain Security Risks” Dale Gardner, 31 October 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.