Coalfire Releases Software Supply Chain Risk Report

Global cybersecurity pioneer Coalfire today releases its first Securealities Software Supply Chain Risk report. The study reveals sharp budget increases, a dramatic rise in executive-level awareness and growing enterprise demand for more testing, training and process improvements to protect digital assets.

Most C-level respondents are taking action to address new threats and vulnerabilities across an expanding attack surface and are dedicated to managing software supply chain risk along the entire software development lifecycle (SDLC).

“With this first annual Software Supply Chain Risk Report, our goal is to reveal how application security is adapting to industry disruption and adopting new technologies to secure the digital supply chain,” said Coalfire CEO Tom McAndrew. “The data tells us that budgets and best practices are now top of mind for executive leadership and security teams, and there’s no time to waste in achieving parity in today’s competitive cloud environments.”

Coalfire commissioned CyberRisk Alliance to conduct a survey of 300 respondents from software buying and software producing companies. The goals were to capture the impact of public cyber events, President Biden’s Executive Order (EO) on cybersecurity, and procurement delays, and to discover what actions companies are taking to address these challenges.

The report summarizes the gravity of software supply chain risk and provides best practices for software buyers and sellers to mitigate threats.

Key findings include:

  • Software supply chain risk is now mainstream. Fifty-two percent of respondents are “very” or “extremely” concerned about software supply chain risks.
  • More than 50 percent of boards of directors at software-buying companies are raising concerns, which means that responsibility for software supply chain risk is no longer confined to technical teams.
  • Organizations aren’t standing on the sidelines – they are taking decisive action to combat supply chain vulnerability:
    • Among software buyers, nearly 60 percent have increased testing on third-party applications and 50 percent are purchasing new systems or new tooling.
    • Two-thirds have implemented additional staff training budgets to help manage the deluge of application vulnerabilities.
  • Given the Software Bill of Materials (SBOM) requirements within the President’s EO, 54 percent of organizations are re-focusing on the software development lifecycle.
  • Corporate leaders are planning to invest heavily in software supply chain risk management, with over one-third likely to allocate at least 10 percent of their application security budget to supply chain-specific processes.

“With 71 percent of respondents reporting that DevOps is now leading digital supply chain decision making, we’ve clearly reached a turning point in the evolution of security management,” said Coalfire’s Vice President of Product Strategy Dan Cornell. “It’s great news for software buyers as this shift will ultimately create stronger applications with fewer vulnerabilities.”

For more information, visit