Le Lézard

Venafi Survey: With Software Supply Chain Attacks Escalating, Who is Responsible for Increasing Security?


Venafi®, the inventor and leading provider of machine identity management, today announced the findings of a global survey that evaluates the impact of software supply chain attacks like SolarWinds/SUNBURST, CodeCov and Kaseya/REvil on how development organizations are changing their approach to securing software build and delivery environments. The survey evaluated the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.

According to Venafi's survey, respondents nearly unanimously agree (97%) that the techniques and procedures used to attack the SolarWinds software development environment will be reused in new attacks this year. Despite this certainty, there is no alignment between security and development teams on which team should be responsible for improving security in the software build and distribution environments. For example, when asked who is primarily responsible for improving the security of their organization's software development environments, 48 percent of respondents say their security teams are responsible and 48 percent say their development teams are responsible.

"While the SUNBURST attack on SolarWinds was not the first of its kind, it was certainly one of the most serious so far," said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. "SUNBURST made it absolutely clear that every organization must take urgent, substantive actions to change the way we secure software build pipelines. The only way to reduce these risks is to dramatically improve the security of the development pipeline and the software it delivers. However, if we can't even agree on who is responsible for taking these actions it's pretty clear that we aren't even close to making meaningful changes. Anyone hoping this problem has been addressed is kidding themselves."

Additional survey findings include:

"As these survey results clearly show, most organizations have not made it clear which team has the incentive or the directives they need to make the changes required. The only way to minimize the risk of future attacks is to enable developers to move fast, from idea to production, without compromising security," Bocek continued. "Speed of innovation and security are inseparable in software development. In the same way a Formula 1 engineer builds for performance and safety at the same time, software developers also need to be accountable for both. To accomplish this, developers clearly need help and support from security teams. Boards, CEOs, and managing directors need to take action to ensure clear lines of ownership so changes are in place, and they can hold teams accountable."

For more information, please visit:

Whitepaper: https://www.venafi.com/resource/more-solarwinds-style-attacks-whitepaper

About the research

Conducted by Dimensional Research, Venafi's survey evaluated the opinions of 1,014 IT professionals worldwide, of whom 402 were IT security professionals, 419 were developers and 193 were executives with responsibility for both development and IT security. Respondents were drawn exclusively from companies with more than 100 employees.

About Venafi

Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communications. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility of machine identities and the risks associated with them for the extended enterprise (on premises, mobile, virtual, cloud and IoT) at machine speed and scale. Venafi puts this intelligence into action with automated remediation that reduces the security and availability risks connected with weak or compromised machine identities while safeguarding the flow of information to trusted machines and preventing communication with machines that are not trusted.

With more than 30 patents, Venafi delivers innovative solutions for the world's most demanding, security-conscious Global 5000 organizations and government agencies, including the top five U.S. health insurers; the top five U.S. airlines; the top four credit card issuers; three out of the top four accounting and consulting firms; four of the top five U.S. retailers; and the top four banks in each of the following countries: the U.S., the U.K., Australia and South Africa.

For more information, visit: www.venafi.com.

