Revenera today released the Revenera 2022 State of the Software Supply Chain Report.
The Revenera report analyzes data from more than 100 open source audit projects conducted in 2021, identifying trends in companies' use of open source software (OSS) and their awareness of the associated license compliance and security risks. This global, cross-industry study evaluated more than 2.6 billion lines of code and found that companies are aware of only 17% of the open source components they use, a 4 percent increase over the past year.
Given that open source use is on the rise, along with the operational risks it brings and the growing need for transparency and a software bill of materials (SBOM), the adoption of Software Composition Analysis (SCA) tools is expected to rise steadily. SCA identifies the open source components in a codebase and warns about their license terms and known security vulnerabilities—helping organizations close blind spots in their software supply chain.
"Companies have realized they need to secure the software supply chain, which is under attack—as evidenced through vulnerabilities such as Log4J. All indications say bad actors are going to step up their exploits in the coming year," said Alex Rybak, Director, Product Management, Revenera. "The use of third-party content and open source software will continue to increase. Organizations that invest in company-wide policies, continuous assessment, Software Composition Analysis solutions, and corporate compliance programs are best able to quickly respond to risks and customer requests."