Addressing the Growing Threats to Supply Chains: Urgent Action Required

In a recent address, Sandeep Johri, the CEO of Checkmarx, emphasized the interconnected nature of application and supply chain security, driven by the modern software ecosystem’s dependency on custom code, open-source libraries, and third-party components. This focus arises amid escalating threats in the supply chain landscape, where malicious code, protestware, and the harmful uses of generative AI are becoming increasingly prevalent.

In response to these rising threats, Checkmarx has released new modules designed to enhance security, particularly those aimed at secret management throughout the continuous integration and continuous deployment (CI/CD) pipeline, as noted by Johri. He underscored that well-publicized incidents such as SolarWinds and Log4j have yet to catalyze a robust response within the cybersecurity community, with malicious code now deemed a greater risk than traditional open-source vulnerabilities.

Johri remarked on the industry’s oversight, stating, “Customers don’t focus on supply chain as much as they should. They are concerned about open-source vulnerabilities, which require proactive targeting and exploitation. In stark contrast, malicious code is embedded with harmful intent, yet many enterprises overlook this risk entirely.” He characterized the situation as a ticking time bomb, reminiscent of the SolarWinds breach.

During a recent interview with Information Security Media Group, Johri delved deeper into several pressing topics, including the necessity of identifying malicious code and the implications of protestware found in open-source software. He also warned about AI-related risks such as hallucinations and exploitation, drawing a distinction between the security challenges posed by large language models and those originating from conventional open-source code.

With a career spanning over three decades, Johri brings to the table extensive experience as an executive, founder, strategic advisor, and investor, previously holding senior management roles at HP and serving as CEO of Tricentis, where he successfully transformed the firm from an early-stage startup to a leader in continuous testing solutions. As cybersecurity threats evolve, the insights shared by Johri underscore the urgent need for businesses to reassess their security priorities, particularly in relation to evolving supply chain vulnerabilities.