
Securing Software Supply Chains: New Research Highlights Industry Vulnerabilities

New IDC study, co-sponsored by Canonical and Google Cloud, reveals the challenges and opportunities for organizations securing their software supply chains.

Today, Canonical and Google Cloud released findings from a joint research project conducted by the International Data Corporation (IDC) that sheds light on the critical challenges organizations face in securing their software supply chains. The report, “The State of Software Supply Chains: Security Challenges, Opportunities and the Path to Resilience with Open Source Software,” surveyed 500 organizations to uncover insights into vulnerability management, software dependency visibility, and the trustworthiness of software sources.

70% of IT teams spend more than 6 hours a week on patching

This finding underscores the significant time and resources organizations dedicate to security patching, highlighting the need for more efficient and automated solutions.


AI adoption is making security and compliance more complex

This trend demonstrates the urgent need for security strategies to evolve to meet the unique challenges posed by AI technologies.


The report highlights the need for a comprehensive approach to software supply chain security, including:

  • Bringing the software supply chain to the core of software delivery.
  • Automating updates for vulnerability management and patching.
  • Implementing a common compliance framework or compliance automation tools.

Download the full report.

About Canonical and Google Cloud Partnership

Canonical and Google Cloud collaborate to make open source more secure, versatile, and resilient, empowering workloads wherever they are deployed — on-premises, on Google Cloud, or across other public or private cloud environments. Together, we enable faster development and deployment, drive innovation, and scale efficiently, all while reducing technology risks.

Security and resilience are non-negotiable: Canonical and Google Cloud embed security into every aspect of their solutions. Google Cloud provides global infrastructure with security controls layered in its cloud computing, networking, storage, analytics, and AI solutions. Canonical’s Ubuntu Pro, available on Google Cloud, simplifies compliance and delivers up to 12 years of security maintenance for the operating system and over 36,000 open source packages. With automated hardening, patching and auditing tools, Ubuntu Pro ensures robust security, high availability for critical workloads, and advanced manageability for IT administrators.

Empower your developers with trusted open source, and meet your compliance requirements faster with Canonical and Google. Learn more at https://canonical.com/solutions/open-source-security and https://ubuntu.com/gcp.

About IDC

International Data Corporation (IDC) is the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets. With more than 1,300 analysts worldwide, IDC offers global, regional, and local expertise on technology and industry opportunities and trends in over 110 countries. IDC’s analysis and insight help IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. Founded in 1964, IDC is a wholly-owned subsidiary of International Data Group (IDG, Inc.), the world’s leading tech media, data, and marketing services company.

Learn more at https://www.idc.com/.

Ubuntu Server Admin
