VDC Research White Paper | Finding Sources of Security in the Complex Software Supply Chains of Tomorrow


Report Highlights

IoT developers are drawing from a vast pool of third-party code sources, each bringing its own potential IP and security baggage. The following key findings from the VDC Research survey illustrate these trends and the risks they pose:

  • Commercial third-party code use in IoT projects grew 17% from 2015 to 2020, with in-house developed code dropping from 55.9% to 48.4%
  • Security ranks as the second most cited development challenge facing IoT devices, yet only 56% of organizations have formal policies and procedures for testing the security of IoT devices
  • Security is now the most important factor (30.3%) in selecting software composition analysis (SCA) tools, which were originally developed for auditing IP compliance with licensing agreements
  • Organizations using SCA reported using 10% more third-party software code (64.2%) in their projects compared to those not using SCA (53.8%)
  • SCA users said they were 65% more likely to finish their project ahead of schedule (57%) than those not using SCA (34%)

Ultimately, it is clear that just as development organizations must embrace third-party code sources to keep pace with development demands, they must also look for new ways to pair changes in code composition with changes to their core software quality and security assurance practices and tool sets. Download this white paper to see the latest VDC research on software development and SCA tooling.



Exhibit: Percent of Total Software Code in Final Design, by Source

While already a key strategy for software development, using commercial and open source third-party software is increasingly becoming a tactical necessity for many organizations to keep their teams lean, efficient, and innovative.
