Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.
President Biden's Executive Order on Improving the Nation's Cybersecurity has driven wide-scale changes in software development practices in both the UK and US in the two years since it launched, according to new research from Sonatype.
The Order, designed to bolster the US response to cyberattacks and encourage greater public-private sector collaboration, primarily focused on Federal executive agencies and contractors. However, the findings show it has spurred industry-wide action on both sides of the Atlantic.
According to the research, 76% of enterprises have adopted a Software Bill of Materials (SBOM) since the Order's introduction.
Another 16% plan to implement SBOMs within the next year, showing increasing recognition of the correlation between open source hygiene and cybersecurity posture.
Of the three-quarters of companies with SBOMs in place, only 4% adopted them over three years ago, demonstrating how much practices have evolved since the Order.
Furthermore, the findings revealed that SBOMs are becoming a key procurement requirement. Some 60% of respondents currently mandate that the businesses they work with maintain an SBOM and 37% said they will do so in the future, indicating proper software hygiene is becoming increasingly tied to commercial opportunities.
The research also confirms the Order has influenced software development practices in ways transcending SBOMs. Respondents are increasingly investing in technologies to improve software supply chain management, including vulnerability scanning (30%), software composition analysis (24%), supply chain automation (23%), threat intelligence (22%), and bug bounty programs (20%).
The regulation has also fueled investment in skills and operations like employee training and awareness (26%), recruiting developer talent (21%), and processes to assess supply chain risks (24%).
Despite SBOMs' contribution to good software hygiene, however, some companies still lag behind. Of the 24% of respondents yet to adopt SBOMs, 49% attributed this to being unsure how to implement them; 47% are unsure of their benefits; 43% have cost concerns; and 32% lack team resources, underscoring how the global cybersecurity skills crisis is hampering defense strategies.
"While it's good to finally see widespread adoption of SBOMs, it's equally concerning to see nearly a quarter of large enterprises have yet to implement them," said Brian Fox, CTO and Co-Founder at Sonatype. "It echoes our research findings last year showing many organizations are a lot farther behind on software supply chain management than they think they are. SBOMs are just 'step one' to cyber resilience — there's a whole lot more that comes after that list of ingredients if you want to achieve good software hygiene, like investing in tools for software composition analysis. If you're not at that first step yet, you're going to fall behind."
The research also found that 41% of security decision-makers see cyber regulation as the factor having the greatest positive impact on software security. Some, however, lament the volume of cybersecurity regulation, with 44% of business leaders believing there is too much government intervention on cybersecurity overall.
Reception towards policy varies from region to region and policy to policy. Confidence in the long-term success of Biden's Order is high, with 71% deeming its regulations effective for improving cybersecurity. Interestingly, in the US, decision-makers feel overwhelmingly positive about the amount of cybersecurity regulation, with 84% of respondents viewing regulation in the market as positive. In contrast, in the UK, which has been slower to regulate on software development and cybersecurity issues, just 68% of UK business leaders feel positive about it, potentially inviting more intervention.
"We've been highlighting for years the value of better visibility into the software supply chain," said Wayne Jackson, CEO at Sonatype. "Governments worldwide have to play their part in holding vendors accountable, and we're finally seeing that come to fruition with rising SBOM adoption as a result of regulatory pressures. But we need to see international governments and businesses on the same page for policy to avoid a messy patchwork of disaggregated regulations that all tackle cyber resilience in different ways. It could otherwise stifle innovation in really crucial areas of software development like the open source ecosystem. Active communication between the private and public sector will go a long way to avoid that."
Methodology: Sonatype surveyed 217 Cybersecurity Directors in organizations with over £50 million/$50 million revenue in the UK and US respectively.
Industry News
Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.
Securiti announced a new solution - Security for AI Copilots in SaaS apps.
Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:
Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.
Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.
OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.
Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.
Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.
Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.
Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.
Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.
Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.
MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.