With the pace of innovation across the software industry, and the proliferation of digital tools in all businesses, cyber crime is on the rise. According to Gartner, "By 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021."
Attacks like the one on SolarWinds in 2021 highlight the importance of rigorous scrutiny at every stage of the software lifecycle. Any vulnerability introduced to a software system’s infrastructure opens the door to wide-scale abuse.
Added complexity in enterprise software further heightens the risk. To avoid ‘reinventing the wheel’, lots of tools use open source components, each one increasing the likelihood of security flaws being introduced. Look no further than the infamous Log4j vulnerability, which made headlines in December 2021. Research conducted by Synopsys found that 84% of codebases contain at least one open source vulnerability.
"Every day new vulnerabilities are found in open source and other software components that have previously been integrated into the organisation's software code. Without the proper tools, it is very difficult for organisations to quickly spot where they have used the unpatched versions of these components," said Ankur Shah, senior vice president, Prisma Cloud products, Palo Alto Networks.
"Prisma Cloud is designed to help protect organisations from code to cloud; and now that customers can visualise their software supply chain, it's easier to spot, prioritise, and remediate security weaknesses at the onset of development and during delivery pipelines."
Palo Alto Networks is one of the world’s leading cybersecurity companies with annual revenues of $4.3bn and over 85,000 customers in more than 150 countries.