Despite Post-Log4j Security Gains, Developers Can Still Improve

Most companies have incorporated security testing tools into software development, but improvements are necessary, with only 40% deploying checks into the integrated development environment (IDE), according to Snyk’s 2023 State of Software Supply Chain Security report. It revealed 40% of firms don’t use any supply chain technologies such as static analysis security tools (SAST) or software composition analysis (SCA) tools. The report found a surge in attention to software security following widespread Log4j library vulnerabilities.