A crucial element of EO 14028, Software Bills of Materials, have only been incorporated into 16% of respondents’ development processes.
Just 20% of businesses affected by the U.S. Cybersecurity & Infrastructure Agency’s (CISA) Secure Software Development Attestation Form are ready to meet the impending compliance deadline of June 11, 2024, according to a survey of more than 100 security professionals. This form, which is a component of Executive Order (EO) 14028, mandates that software developers who collaborate with the US government follow and verify the implementation of critical security procedures.
Over 2,700 organizations in the United States were affected by software supply chain attacks in 2023, the most on record since 2017. The significance of adhering to EO 14028 is underscored by the 58% increase in the count of impacted companies during the last year. In addition to possible financial and legal repercussions, noncompliance with EO 14028 can make an organization more susceptible to cyberattacks and harm its reputation.
Given the looming threats and consequences, it’s alarming that 84% of respondents’ companies have not implemented Software Bills of Materials (SBOMs) into their development process, despite EO 14028 making SBOMs mandatory in May 2021. These findings demonstrate that, in many cases, the federal government’s efforts to prevent cyber infiltration have yet to translate into real-world action.
“Executive Order 14028 urges organizations working with government agencies to modernize their security protocols, including generating SBOMs and attestation to secure development practices, which is viewed as a major leap forward for national cybersecurity,” said Katie Norton, Research Manager, DevSecOps and Software Supply Chain Security at IDC. “However, most organizations are unaware of their exposure and are inadequately protected, leaving them prone to supply chain attacks. IDC research found 23% of organizations surveyed experienced a software supply chain attack, a 241% increase from the prior year, affirming Lineaje’s call to increase awareness and urgency among cybersecurity professionals.”
Additional findings include:
Tune in to hear from Chris Brown, Vice President of Sales at CADDi, a leading manufacturing solutions provider. We delve into Chris’ role of expanding the reach of CADDi Drawer which uses advanced AI to centralize and analyze essential production data to help manufacturers improve efficiency and quality.