This is an area that I have been leading research on each year. We publish as part of the State of the Software Supply Chain Report. Now in its fifth year, the report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. While over 80% of a modern application is built from open source components, not all of these component parts are created equal. Last year, 1 in 10 of the components downloaded by developers - who use the parts in their applications - had a known security vulnerability. The integrity of our software is at risk when organizations do not pay attention to what is being consumed within their software supply chains.
The Deliver Uncompromised report points to many of the same issues around software supply chain integrity, including malicious code injection techniques being used by adversaries The State of the Software Supply Chain report complements Deliver Uncompromised by offering empirical evidence of the practices and security threats on a global scale.
More information about text formats