Revenera Releases State of the Software Supply Chain 2022

ITASCA, Ill., Feb. 14 28, 2022 (GLOBE NEWSWIRE) — Revenera, maker of industry-leading solutions that help technology companies create better products, accelerate time to value and monetize what matters, today released the Revenera 2022 State of the Software Supply Chain Report, including research and six steps to better secure the software supply chain. This report helps security, software development, and legal experts benchmark their own efforts against market trends.

The Revenera report analyzes data from more than 100 open source audit projects conducted in 2021, identifying trends related to companies’ use of open source software (OSS) and their awareness of the associated license compliance and security risks. This global, cross-industry study evaluated more than 2.6 billion lines of code and found that companies are only aware of 17% of the open source components they use, an increase of 4% from last year.

Given that the use of open source is increasing, along with the operational risks it brings and the growing need for transparency and an SBOM, the adoption of software composition analysis (SCA) tools is expected to keep increasing. SCA identifies open source components and provides warnings about licensing terms and security vulnerability exposures, helping organizations address potential blind spots in their software supply chain.

“Companies have realized they need to secure the software supply chain, which is under attack, as evidenced by vulnerabilities such as Log4Shell. All indications point to bad actors stepping up their exploits in the coming year,” said Alex Rybak, Director of Product Management, Revenera. “The use of third-party content and open source software will continue to increase. Organizations that invest in company-wide policies, continuous assessment, software composition analysis solutions, and corporate compliance are best able to respond quickly to risks and customer demands.”

Highlights of the Revenera 2022 State of the Software Supply Chain Report:

  • Issues at all priority levels increase: The number of most serious issues, priority level P1, increased by 6% compared to last year’s findings. Lower priority issues rose more sharply: secondary priority issues (P2) and lower risk issues (P3) increased by 50% and 34%, respectively, over the past year. This indicates the increasing prevalence of free software and that the average number of dependencies is increasing dramatically in popular ecosystems, expanding the risk surface.
  • SBOM requests are increasing: The demand for SBOMs has been driven by a growing range of stakeholders and regulatory requirements, such as the Executive Order on Improving the Nation’s Cybersecurity. The approach to creating SBOMs is improving through automated, collaborative, and dynamic processes, and as the formats for creating and sharing SBOMs (SPDX, CycloneDX, and SWID) become the norm.
  • More SBOM items: Revenera’s audit team identified 12% more items in 2021 (compared to the previous year), with 2,200 items not covered per audit project, compared to 1,959 in 2020. Additionally, Revenera discovered a new issue for every 11,500 lines of code analyzed, a 5% increase from 2020.
  • More binaries: Compared to source code, binaries are more complex, often combining intellectual property (IP) from multiple sources and using many constituent files. This report revealed a 7% increase in binaries compared to 2020.
  • M&A activity has resulted in more SCA audits: M&A activity has driven demand for comprehensive risk profiles, forensic reports and remediation assessments.

About Revenera
Revenera helps product managers create better products, accelerate time to value, and monetize what matters. Revenera’s industry-leading solutions help software and technology companies drive revenue through modern software monetization, understand usage and compliance with software usage analytics, manage open source usage with software composition analysis, and deliver an excellent user experience – for embedded applications, on-premises and cloud products, and SaaS. To learn more, visit