June 3, 2022

85% of CIOs were instructed by the Board of Directors or CEO to take actions to improve the security of software development and build environments.

80% of the 1,000 CIOs in a new survey report that their organizations are vulnerable to cyberattacks targeting software packages supply chains, so it is important to look for a lasting solution to solve the problem.

Several strategies were implemented to effectively address cyberattacks in the supply chain: 84% of respondents are increasing the budget to protect supply chain attacks, 68% of CIOs have introduced more security controls, 56% are using additional code signing and 47% are investigating the provenance of their open source libraries.

Implementing changes to better protect the supply chain is difficult for some organizations, because changing their safety practices and controls would require a fundamental change in structure.

Since not all companies can take the above security measures, analysts have presented code signing as the necessary response to stop supply chain attacks.

The use of code signing for the vulnerable systems allows companies to detect unsigned malware before it can wreak havoc on their supply chain and that of their customers.

The sources for this piece include an article in TechRepublic.