JFrog Research Reveals Weak Links in MLOps and Enterprise Software Supply Chain Security Exploitation

JFrog Ltd. (“JFrog”) (trading on Nasdaq under the symbol FROG), Liquid Software and creators of the JFrog software supply chain platform, today unveiled the findings of a new report that reveals the disconnect in MLOps and security perceptions between management and frontline teams, which increases the risk of software supply chain (SSC) attacks worldwide.

This press release contains multimedia. View the full release here: https://www.businesswire.com/news/home/20240718899029/en/

A new JFrog report reveals numerous disconnects between senior management and practitioners worldwide, widening gaps in the standardized use of AI/ML technologies, detection and remediation. (Graphic: Business Wire)

According to a recent IDC study, the number of software supply chain security breaches has increased significantly, with such attacks up 241% compared to the previous year.[1] Surprisingly, only 30% of survey respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.

“The complexity of today’s software supply chain creates unprecedented risk. Despite leadership efforts to equip frontline teams with the right equipment, developers are struggling to improve efficiency and accelerate productivity due to tool proliferation, lengthy open source and ML model approvals, and audit and compliance controls,” said Moran Ashkenazi, SVP & CISO, JFrog. “This disconnect underscores the urgent need for organizations to rethink their security strategies, increase their focus on AI/ML components, and align executives and contractors to strengthen their software supply chains.”

The new JFrog report reveals a number of discrepancies between security managers and frontline software teams when it comes to detecting malicious open source packages, AI/ML integration, and code-level security scanning, including:

  • 92% of executives say their organizations have the tools to detect malicious open source packages, while only 70% of developers agree.

  • More than 90% of executives say they use machine learning models in their applications, but only 63% of developers agree.

  • 88% of executives believe AI/ML tools are used in security scanning and bug fixing processes, yet only 60% of DevSecOps teams say they use these tools.

  • 67% of executives believe that code security scanning is performed regularly, while only 41% of developers agree.

The JFrog study also delves into regional disparities in software supply chain security, visibility, and AI/ML technology adoption, including:

  • Awareness of security solutions: 14% of EMEA respondents were unaware of the existence of tools to identify malicious open-source packages, while in the US (9%) and Asia (1%) the percentage was lower, indicating significant divergences in security strategies and operational understanding across EMEA.

  • Implementing AI/ML models: Only 82% of EMEA respondents reported using AI/ML models, compared to 91% in the US and 99% in Asia. This difference may indicate risk aversion in Europe due to strict regulations, while the US is seeing faster adoption of AI/ML technologies.

For a deeper dive into how executives can increase collaboration with development, security, and data science teams to better secure software supply chains, download the full report. You can also register to join JFrog Field CISO Paul Davis and JFrog CIO Aran Azarzar for a webinar, "Know the Enemy: What CEOs Need to Know to Secure Their Software Supply Chain," detailing the complexities, promising solutions, and recommendations for better managing and securing software supply chains.

Like this story? Share this: @JFrog research shows critical visibility gaps between business units, executives, and contractors, increasing the risk of #softwaresupplychain attacks. Learn more: https://bit.ly/3WplWbl #DevOps #DevSecOps #cybersecurity #CVEs #AI/ML

About JFrog

JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a vision of “Liquid Software,” JFrog’s software supply chain platform is a single system of record that enables organizations to quickly and securely build, manage, and distribute software that is accessible, traceable, and tamper-proof. Integrated security features also help identify, protect, and remediate threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted services and as SaaS services from leading cloud providers. Millions of users and over 7,000 customers worldwide, including most of the Fortune 100, rely on JFrog solutions to confidently embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.

___________________________

[1] IDC, “IDC Helps Organizations Navigate Software Supply Chain Security with New Industry-Leading Research,” June 15, 2023, https://www.idc.com/getdoc.jsp?containerId=prUS50913123