Attacks on software supply chains surged in 2022. A few years after word of the SolarWinds hack first spread, software supply chain attacks show no sign of abating.
In the commercial sector, attacks that leverage malicious open source modules continue to multiply. Enterprises have seen an exponential increase in supply chain attacks since 2020, and a slower but still steady rise in 2022. The popular open source repository npm, for example, saw close to 7,000 malicious package uploads from January to October of 2022, a nearly 100-fold increase over the 75 malicious packages discovered in 2020 and a 40% increase over the malicious packages discovered in 2021.
Here’s what software development and security operations teams need to know about the state of supply chain security. Download the report ‘The State of Software Supply Chain Security 2023’ to learn about:
✓ Key trends in software supply chain security
✓ How and where supply chain threats have mounted
✓ New federal mandates for supply chain security (EO 14028 etc.)
✓ Emerging best practices to get ahead of supply chain risk in 2023