In the rapidly evolving landscape of software development, the integration of artificial intelligence (AI) has become commonplace.
A Black Duck report, Navigating Software Supply Chain Risk in a Rapid-Release World, highlights a concerning trend: while 95% of organisations are leveraging AI tools, a staggering 76% are exposing their software supply chains to significant risks due to inadequate security protocols for AI-generated code.
“We're in a new era of rapid software innovation, fueled by AI, but these findings reveal a critical challenge: security isn't keeping pace,” said Jason Schmitt, CEO of Black Duck. This disparity raises alarms about the need for comprehensive strategies to protect software supply chains in Asia, where digital transformation is accelerating.
Despite the widespread adoption of AI in software development, only 24% of surveyed organisations have implemented thorough evaluations for intellectual property (IP), licensing, security, and quality of AI-generated code.
This oversight leaves a considerable gap in protection, opening the door to potential vulnerabilities. While 76% of respondents test for security risks, many fail to evaluate the integrity of the underlying code adequately.
One of the key findings of the report indicates that effective dependency management is crucial for preparedness against threats. Organisations adept at tracking and managing open-source dependencies are 85% more likely to secure their software compared to the overall average of 57%. This underscores the necessity for supply chain leaders to enhance their oversight and control over third-party software components.
Moreover, the report highlights the significance of validating Software Bills of Materials (SBOMs) from external suppliers. Respondents prioritising SBOM validation reported a marked increase in their capability to evaluate third-party software and respond to vulnerabilities rapidly. Specifically, 59% manage to address critical issues within a day, a stark contrast to those lacking such validation practices.
Automation also emerges as a vital component of efficient vulnerability remediation. Among organisations employing automatic continuous monitoring, 60% report resolving critical software vulnerabilities within one day. In contrast, only 45% of all respondents achieve similar outcomes, indicating that a lack of automated processes can hinder effective supply chain security.
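The three practices the report singles out, tracking open-source dependencies, validating supplier SBOMs, and automating the check so it runs continuously, come together in a small pipeline step. The example below is added here to illustrate that and is not code from Black Duck or from the report: it parses a constructed CycloneDX-style SBOM, rejects components whose name, version or purl is missing or internally inconsistent, and then matches the surviving components against a constructed advisory list with placeholder identifiers. The SBOM content, the advisory feed and the "fixed_in" version logic are all assumptions made for the illustration.

```python
import json
import re

# Constructed sample SBOM in the CycloneDX 1.5 JSON shape; not from any real supplier.
# Two components are deliberately malformed to exercise the validation.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "name": "requests",
         "purl": "pkg:pypi/requests@2.31.0"},          # version field missing
        {"type": "library", "name": "minimist", "version": "1.2.5",
         "purl": "pkg:npm/minimist@1.2.6"},            # purl disagrees with version
    ],
})

# A minimal SBOM with nothing wrong, used to show the passing case.
CLEAN_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
    ],
})

# Constructed advisory feed keyed by purl without version. The ids are
# placeholders, not real advisory numbers.
ADVISORIES = {
    "pkg:npm/lodash": [{"id": "ADVISORY-PLACEHOLDER-1", "fixed_in": "4.17.21"}],
}

# Minimal purl grammar: pkg:<type>/<name>@<version>, ignoring qualifiers.
PURL_RE = re.compile(r"^pkg:(?P<type>[a-z]+)/(?P<name>[^@]+)@(?P<version>[^?#]+)")


def parse_version(v: str):
    """Split a dotted version; numeric parts compare as ints, others as strings."""
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in v.split("."))


def validate_sbom(sbom_json: str, advisories=ADVISORIES):
    """Structurally validate an SBOM, then flag components with known advisories.

    Returns {"ok": bool, "errors": [str], "vulnerable": [(purl, id, fixed_in)]}.
    A component that fails structural validation is not vulnerability-checked,
    because its identity cannot be trusted.
    """
    errors, vulnerable = [], []
    try:
        bom = json.loads(sbom_json)
    except json.JSONDecodeError as exc:
        return {"ok": False, "errors": [f"not JSON: {exc}"], "vulnerable": []}

    if bom.get("bomFormat") != "CycloneDX":
        errors.append("bomFormat is not CycloneDX")
    components = bom.get("components")
    if not isinstance(components, list):
        errors.append("components list missing")
        return {"ok": False, "errors": errors, "vulnerable": []}

    seen = set()
    for comp in components:
        label = comp.get("name", "<unnamed>")
        name, version, purl = comp.get("name"), comp.get("version"), comp.get("purl")
        if not (name and version and purl):
            errors.append(f"{label}: name, version and purl are all required")
            continue
        m = PURL_RE.match(purl)
        if not m:
            errors.append(f"{label}: unparseable purl {purl!r}")
            continue
        if m["version"] != version:
            errors.append(f"{label}: purl version {m['version']} != version {version}")
            continue
        if purl in seen:
            errors.append(f"{label}: duplicate purl {purl}")
            continue
        seen.add(purl)

        # Match by ecosystem and name, then compare against the fixed version.
        key = f"pkg:{m['type']}/{m['name']}"
        for adv in advisories.get(key, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                vulnerable.append((purl, adv["id"], adv["fixed_in"]))

    return {"ok": not errors and not vulnerable, "errors": errors, "vulnerable": vulnerable}


if __name__ == "__main__":
    print(json.dumps(validate_sbom(SAMPLE_SBOM), indent=2))
```

Run unattended on every supplier drop (a CI job or a scheduled task), the structural errors are what to send back to the supplier, and the vulnerable list is what feeds the one-day remediation clock the report measures; rejecting malformed entries before matching matters because a purl that disagrees with its version field would otherwise be matched against the wrong advisory data.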
For heads of supply chain operations and COOs in Asia, the message is clear: as AI adoption continues to rise, so too must the commitment to robust security frameworks. By prioritising AI-generated code security and enhancing dependency management, organisations can build resilient software supply chains capable of withstanding the evolving threat landscape.