In JFrog’s just-released Software Supply Chain State of the Union 2024 report, the software supply chain platform provider found extensive use of AI and machine learning tools for security. However, only one in three software developers the company surveyed use generative AI to write code.
While 90% of survey respondents indicate their organizations currently use AI/ML-powered tools in some capacity to assist with security scanning and remediation, only about one in three professionals, 32%, said their organizations use AI/ML-powered tools to write code. This suggests the majority are still wary of the potential vulnerabilities that AI-generated code can introduce into enterprise software, JFrog said.
Released March 19, JFrog’s report combines JFrog Artifactory developer usage data from more than 7,000 organizations, original CVE (Common Vulnerabilities and Exposures) analysis by the JFrog security research team, and commissioned third-party survey data from 1,200 technology professionals worldwide to provide context on the software supply chain landscape.
The report also notes that nearly half of respondents, 47%, said they use between 4 and 9 application security solutions. One-third said they are using 10 or more application security solutions.
Other findings in JFrog’s Software Supply Chain State of the Union 2024 report:
- Security is taking a toll on productivity. A full 40% of survey respondents said it typically takes a week or longer to get approval to use a new package or library. Roughly 25% of security teams’ time is spent remediating vulnerabilities.
- Denial of service attacks reign. Nearly half (48.9%) of CVEs analyzed carry the potential for a DoS attack, compared with 18.9% that have the potential for remote code execution. That is good news, JFrog said, because remote code execution has a far more detrimental impact.
- Not all CVEs are what they seem. The JFrog security research team downgraded the severity of 85% of critical CVEs and 73% of high CVEs on average after analyzing 212 different high-profile CVEs found in 2023.
- More than half of organizations (53%) use 4 to 9 programming languages, and 31% use more than 10 languages.
Copyright © 2024 IDG Communications, Inc.