Supply chain attacks increased over 600% this year and companies are falling behind

A 633% rise in malicious supply chain attacks has been reported this year by software supply chain management firm Sonatype, number hitting 88,000 confirmed cases. Transitive vulnerabilities impacting software components have also surged, affecting two-thirds of open-source libraries. The adoption of fixed versions of Log4Shell, a critical vulnerability discovered in 2021, sits around 65%. However, many organisations continue to lack the visibility and understanding needed for efficient vulnerability response, Sonatype suggests.