Global Checkmarx study reveals 63% of participating organisations have fallen victim to a software supply chain attack in past two years 

Checkmarx, a leader in cloud-native application security for the enterprise, has released its global research report, the 2024 State of Software Supply Chain Security.  

Notably, the study found that 100% of the large enterprises represented by 900 AppSec professionals responding from the United States, Europe and Asia-Pacific have been the victims of a software supply chain attack at some point. 

“Software supply chain security has become an active target of government regulatory and cybersecurity agencies and is top of mind for over half of global enterprises we surveyed,” said Amit Daniel, Chief Marketing Officer at Checkmarx.

“It’s critical for CISOs and security leaders to make it easier for developers to understand the new risks and secure their entire software supply chain. ‘Malicious’ is much more than vulnerable. We have seen more attacks on the open-source ecosystem in the last two years than ever before with over 385,000 malicious packages detected to date by our own Checkmarx security research team. That’s why Checkmarx offers capabilities in Checkmarx One to allow developers to seamlessly add protection against such attacks.” 

The study revealed that 56% of respondents’ organisational applications comprise open-source code packages, and that 75% of respondents said they were either very concerned (39%) or concerned (36%) about software supply chain security.