JFrog Uncovers Weak Links in MLOps within Enterprise Software Supply Chains

JFrog Ltd., the Liquid Software company and creators of the JFrog Software Supply Chain Platform, has unveiled the findings of a new report exposing disparities in MLOps and security perceptions between leadership and frontline teams that is increasing the risk of software supply chain (SSC) attacks around the globe.

Software supply chain security breaches are experiencing a significant uptick, according to a recent IDC survey showing a staggering 241% increase in such attacks year-over-year[1]. Surprisingly, only 30% of the survey respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.

“The complexity of today’s software supply chain poses unprecedented risks. Despite leadership efforts to enable frontline teams with the right equipment, developers are struggling to improve efficiency and accelerate productivity due to tool sprawl, lengthy open source and ML model approvals, plus audit and compliance checks,” said Moran Ashkenazi, SVP & CISO, JFrog. “This discrepancy highlights the urgency for organizations to rethink their security strategies, focus more on AI/ML components, and align executives and doers on a mission to fortify their software supply chains.”

JFrog

JFrog’s new report reveals several disparities between security executives and frontline software teams concerning malicious open-source package detection, AI/ML integration, and code-level security scans, including:

92% of executives claim their organizations possess tools to detect malicious open-source packages, while only 70% of developers agree with this statement.

Over 90% of executives believe they are using ML models in their software applications, but only 63% of developers confirm that is the case.

88% of executives believe AI/ML tools are being used for security scanning and remediation processes, however only 60% of DevSecOps teams report they are using these tools.

67% of executives believe code-level security scans are conducted regularly, while only 41% of developers confirm such is true.
JFrog’s study also delves into regional disparities in software supply chain security, visibility, and use of AI/ML technologies such as:

Awareness of Security Solutions: 14% of EMEA respondents were unaware of tools for identifying malicious open-source packages, in contrast to lower rates in the US (9%) and Asia (1%), highlighting a substantial disconnect in EMEA’s security strategies and operational understanding.

Adoption of AI/ML Models: Only 82% of EMEA respondents reported using AI/ML models, compared to 91% in the US and 99% in Asia. This variance may point to Europe’s risk-averse environment influenced by strict regulations, while we see faster adoption of AI/ML technologies in the US.

ChannelDrive Bureau
ChannelDrive Bureauhttp://www.channeldrive.in
ChannelDrive Bureau covers the latest developments in the space of ICT, technology, solutions and implementations and delivers content focused around solution providers, system integrators, distributors and technology partner community in India. ChannelDrive Bureau is headed by Zia Askari. He can be reached at ziaaskari@channeldrive.in

Recent Articles

Related Stories

Stay on op - Get the daily news in your inbox