One area that requires particular caution is the development of AI/ML models. We are seeing an increasing threat of malicious code at this critical point, allowing threat actors to find new ways to break into companies and software supply chains and steal data.
While AI/ML has been an integral part of many software deliveries for many years, the rise of Large Language Models (LLMs) has made it much easier to embed AI/ML into many applications. Developers are expected to deploy AI/ML models along with software updates and new implementations, but often do not have the resources to build security measures into their processes from the start. Developers turn to open source offerings to streamline their workflows, but often do not check the code they use for vulnerabilities. Once malicious code is deployed in AI/ML models, cybercriminals can use it as a weapon to move within the organization's networks.
Software supply chain security
The importance of the software supply chain will continue to increase, and at the same time the threat landscape will grow in complexity and intensity. Companies must expand their security structures accordingly and adapt them to the new challenges. A supporting legal framework that enables a safe environment for software development plays a crucial role. In the US, for example, CISA's Open Source Software Security Roadmap has put the market in a strong position to confidently address emerging security threats. Security experts in the industry firmly believe that open source will continue to pose a major threat in the long term.
Software Bills of Materials (SBOMs) are one way to combat these security threats in the software supply chain. Fortunately, SBOMs are becoming increasingly recognized because they enable companies to respond better to supply chain attacks and shorten response times when a vulnerability is discovered. Nevertheless, we are likely to see an increase in software supply chain attacks this year as threat actors have more tools at their disposal to carry out and evolve their attacks. At the same time, however, it can be assumed that organizations' willingness to strengthen their defense mechanisms will steadily increase.
More at JFrog.com