According to research by ReversingLabs, software supply chain threats have risen 1300% from 2021 to 2023.
With concerns of software supply chain security (SSCS) on the rise, security-minded enterprises have turned to familiar application security testing (AST) tools like software composition analysis (SCA) to identify open-source vulnerabilities; static application security testing (SAST) for vulnerabilities in source code; and dynamic application security testing (DAST) to find vulnerabilities in running web applications. Those technologies are invaluable. And they’re not enough. The truth of the matter is the biggest software-based attacks on enterprises in the last few years have employed a myriad of attack vectors, many of which don't rely on exploitable vulnerabilities in either open-source or proprietary software.
