Organizations Struggle to Address Software Supply Chain Vulnerabilities, Hindering Remediation Efforts

The latest annual Container Report from start-up Slim.AI highlights the difficulties organizations face in keeping up with vulnerabilities across a complex software supply chain. The report indicates that more than 40% of companies remain in reactive mode when addressing critical security findings in their applications and containers, and that despite allocating significant resources, only 12% of organizations say they meet their remediation targets.

The Container Report combines Slim's internal analysis of public container images across the major registries with a survey of IT security and software engineering professionals at large organizations. Across both data sets, vulnerability remediation emerged as a significant challenge for most organizations; the 12% figure above comes from security leaders who reported hitting their remediation targets.

Communication overhead and managing vulnerabilities across enterprise boundaries were cited as burdensome by both software producers and the organizations consuming their software. The survey found that 63% of organizations struggle to manage multiple software producers, while 67% believe that externally sourced container images increase their attack surface. This underlines the need for a better collaboration platform to manage vulnerabilities effectively, a sentiment echoed by 84% of security leaders.

Another issue raised in the report is "alert fatigue" caused by frequent vulnerability alerts and a high rate of false positives. Approximately 44% of organizations reported encountering vulnerabilities in production systems that demanded immediate attention several times a week, and 36% encountered them daily.

The study also recorded a 39% increase in Common Vulnerabilities and Exposures (CVE) counts in 2023, a rise that feeds the alert fatigue organizations report. Even though open-source package updates, container releases, and incident response have all accelerated at the same time, the number of vulnerabilities continues to grow.

Regulatory pressure adds to the complexity. One in three organizations struggles to comply with evolving guidelines, and 85% report having to put in extra effort to align with executive orders.

The report warns that ineffective management of container vulnerabilities can hurt business innovation, performance, productivity, and team dynamics. In fact, 46% of organizations reported performance issues and downtime attributable to ineffective vulnerability remediation.

Ayse Kaya, Slim.AI's vice president of strategy and analytics, emphasized the difficulties software engineering and security teams face in addressing these challenges. The report aims to examine them in detail and shed light on the complexities of vulnerability remediation within the software supply chain ecosystem.

Source: the blog combopop.com.br