JFrog Research Uncovers Weak Links in MLOps & Security Usage within Enterprise Software Supply Chains

Rhea-AI Summary

JFrog's new report reveals significant disparities in MLOps and security perceptions between leadership and frontline teams, increasing the risk of software supply chain attacks globally. Key findings include:

- 92% of executives claim tools to detect malicious open-source packages, but only 70% of developers agree.
- Over 90% of executives believe ML models are used in software applications, while only 63% of developers confirm.
- 88% of executives think AI/ML tools are used for security scanning, but only 60% of DevSecOps teams report using them.
- 67% of executives believe code-level security scans are regular, while only 41% of developers confirm.

The report also highlights regional disparities in security awareness and AI/ML adoption, with EMEA lagging behind the US and Asia in some areas.

Positive

• JFrog's research provides valuable insights into software supply chain security gaps
• The report highlights areas for improvement in AI/ML integration and security practices
• Identification of disparities between executive perceptions and frontline realities can lead to better alignment and security strategies

Negative

• Significant gaps in security perceptions between executives and developers may increase vulnerability to software supply chain attacks
• Lower than expected adoption of AI/ML tools for security scanning and remediation processes
• Regional disparities in security awareness and AI/ML adoption, particularly in EMEA, could lead to inconsistent global security practices

New report reveals multiple disconnects between senior executives and hands-on practitioners globally, amplifying gaps in standardized use of AI/ML, security detection and remediation technologies

SUNNYVALE, Calif.--(BUSINESS WIRE)-- JFrog Ltd. (“JFrog”) (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today unveiled the findings of a new report exposing disparities in MLOps and security perceptions between leadership and frontline teams that is increasing the risk of software supply chain (SSC) attacks around the globe.

New report by JFrog reveals multiple disconnects between senior executives and hands-on practitioners globally, amplifying gaps in standardized use of AI/ML, security detection and remediation technologies. (Graphic: Business Wire)

Software supply chain security breaches are experiencing a significant uptick, according to a recent IDC survey showing a staggering 241% increase in such attacks year-over-year¹. Surprisingly, only 30% of the survey respondents identified the need to address vulnerabilities in their software supply chain as a top security concern.

“The complexity of today’s software supply chain poses unprecedented risks. Despite leadership efforts to enable frontline teams with the right equipment, developers are struggling to improve efficiency and accelerate productivity due to tool sprawl, lengthy open source and ML model approvals, plus audit and compliance checks,” said Moran Ashkenazi, SVP & CISO, JFrog. “This discrepancy highlights the urgency for organizations to rethink their security strategies, focus more on AI/ML components, and align executives and doers on a mission to fortify their software supply chains.”

JFrog’s new report reveals several disparities between security executives and frontline software teams concerning malicious open-source package detection, AI/ML integration, and code-level security scans, including:

• 92% of executives claim their organizations possess tools to detect malicious open-source packages, while only 70% of developers agree with this statement.
• Over 90% of executives believe they are using ML models in their software applications, but only 63% of developers confirm that is the case.
• 88% of executives believe AI/ML tools are being used for security scanning and remediation processes, however only 60% of DevSecOps teams report they are using these tools.
• 67% of executives believe code-level security scans are conducted regularly, while only 41% of developers confirm such is true.

JFrog’s study also delves into regional disparities in software supply chain security, visibility, and use of AI/ML technologies such as:

• Awareness of Security Solutions: 14% of EMEA respondents were unaware of tools for identifying malicious open-source packages, in contrast to lower rates in the US (9%) and Asia (1%), highlighting a substantial disconnect in EMEA's security strategies and operational understanding.
• Adoption of AI/ML Models: Only 82% of EMEA respondents reported using AI/ML models, compared to 91% in the US and 99% in Asia. This variance may point to Europe's risk-averse environment influenced by strict regulations, while we see faster adoption of AI/ML technologies in the US.

For deeper insights on how executives can augment collaboration with developers, security, and data science teams to better secure their software supply chains download the full report. You can also register to join JFrog’s Field CISO, Paul Davis, and JFrog’s CIO, Aran Azarzar, for a webinar, “Know The Enemy: What Execs Need To Understand To Secure Their Software Supply Chain,” detailing the complexities, promising solutions, and recommendations for better managing and securing software supply chains.

Like this Story? Share this: @JFrog research shows critical gaps in visibility between business divisions, execs, & doers, increasing risk of #softwaresupplychain attacks. Learn more: https://bit.ly/3WplWbl #DevOps #DevSecOps #cybersecurity #CVEs #AI/ML

About JFrog

JFrog Ltd. (Nasdaq: FROG) is on a mission to create a world of software delivered without friction from developer to device. Driven by a “Liquid Software” vision, the JFrog Software Supply Chain Platform is a single system of record that powers organizations to build, manage, and distribute software quickly and securely, ensuring it is available, traceable, and tamper-proof. The integrated security features also help identify, protect, and remediate against threats and vulnerabilities. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Learn more at www.jfrog.com or follow us on X @JFrog.

___________________________
¹IDC, “IDC Helps Organizations Navigate Software Supply Chain Security with New Industry-Leading Research,” 15 June 2023, https://www.idc.com/getdoc.jsp?containerId=prUS50913123

View source version on businesswire.com: https://www.businesswire.com/news/home/20240718899029/en/

Media:

Siobhan Lyons, Sr. Manager, Global Communications, JFrog, siobhanL@jfrog.com

Investor:

Jeff Schreiner, VP of Investor Relations, JFrog, jeffS@jfrog.com

Source: JFrog Ltd.

FAQ

What are the main findings of JFrog's (FROG) research on software supply chain security?

JFrog's research reveals significant disparities between executive and developer perceptions on malicious open-source package detection, AI/ML integration, and code-level security scans, potentially increasing the risk of software supply chain attacks.

How do executive and developer views differ on AI/ML tool usage according to JFrog's (FROG) report?

The report shows that 88% of executives believe AI/ML tools are used for security scanning and remediation, while only 60% of DevSecOps teams confirm using these tools.

What regional differences in software supply chain security did JFrog's (FROG) study uncover?

The study found that EMEA respondents were less aware of tools for identifying malicious open-source packages compared to the US and Asia. Additionally, EMEA reported lower adoption of AI/ML models at 82%, compared to 91% in the US and 99% in Asia.

How does JFrog's (FROG) research relate to the increase in software supply chain attacks?

JFrog's research highlights gaps in security practices and perceptions that could contribute to the vulnerability of software supply chains, aligning with the reported 241% year-over-year increase in such attacks according to an IDC survey.