Alexis Asks: A 2024 Outlook for Software Security

Managing editor Alexis Mizell-Pleasant asks industry experts about various topics in the supply chain. Predictions are everywhere this time of year but what's the outlook for software in 2024?


Predictions are everywhere this time of year, but what's the outlook for the software supply chain in 2024? Let's dive into what's next for AI, emerging technologies and the future of cyber safety and security.

Malicious Targeting

Mitigating risks is a major part of operational supply chains. When it comes to the technology in use, the biggest risk today is the hidden threat actors targeting the software we depend on. According to Chris Hughes, chief security advisor at Endor Labs and Cyber Innovation Fellow at the U.S. government's Cybersecurity and Infrastructure Security Agency (CISA), attackers continue to realize it is far more effective to compromise a single proprietary software supplier or a widely used open-source software (OSS) library than to target individual organizations one at a time. "In 2024, we will continue to see an uptick of software supply chain attacks as malicious actors look to capitalize on the complex and overlooked software supply chain attack surface that most large enterprise environments have," says Hughes.

This targeting will drive growth in the market for solutions that protect software use. Henrik Plate, CISSP, security researcher at Endor Labs, says this trend is partly due to the regulatory efforts of U.S. government organizations and other, non-U.S. authorities. "However, the growing solution space makes it increasingly difficult to distinguish, evaluate and compare the capabilities of all those solutions. Organizations will likely increasingly demand that solutions become interoperable and comparable. This can be achieved by further standardizing tool outputs (e.g. SBOM and VEX documents), or developing benchmark applications, among other means," says Plate.

Leaders such as CISA and large technology companies will continue to advocate for Secure-by-Design/Default software and products. Hughes expects platform providers to keep driving systemic change by building security into the platforms themselves, so that every customer benefits without having to act individually. "Software liability will continue to be a hotly contested topic, with many concerned it will stifle innovation while others say it is well past the time that software suppliers are held accountable for the products they distribute to customers and consumers," explains Hughes.

Safety in AI Tools

AI is here to stay. AI tools have given supply chain operations unprecedented acceleration, but be wise: those same tools are also being targeted. Varun Badhwar, CEO and co-founder of Endor Labs, predicts that malicious actors will look to target GenAI platforms.

"Much like the early days of cloud adoption, organizations are navigating uncharted territories with AI, often without the necessary safeguards in place. The consequences of insufficient controls are twofold: First, a heightened risk of security breaches, and second, a potential erosion of trust as stakeholders question the ethical implications and transparency surrounding AI decision-making. It is crucial for businesses to prioritize the development of robust governance frameworks and visibility tools," says Badhwar. "The focus should extend beyond the mere integration of AI solutions and encompass a holistic approach that addresses security, compliance and ethical considerations. Learning from past experiences, organizations must strive to stay ahead of potential challenges, ensuring that innovation is not compromised by vulnerabilities."

Businesses, especially supply chain software users, should understand the danger posed by malicious actors looking to compromise these tools. Being deliberate in your choice of technology and asking vendors what contingencies are in place can help set a standard that protects against emerging threats in 2024.
