Upcoming June 11th CISA Deadline Exposes Widespread Unpreparedness in Software Security Compliance

A recent study by Lineaje has uncovered a startling lack of preparedness among organizations for the upcoming U.S. Cybersecurity & Infrastructure Agency’s (CISA) Secure Software Development Attestation Form deadline. The research, conducted at RSA Conference 2024, reveals that a mere 20% of companies are ready to meet the June 11, 2024, compliance deadline, a critical component of Executive Order (EO) 14028.

EO 14028, which requires software producers to work with the U.S. government to confirm the deployment of key security practices, has been a focal point following a surge in software supply chain attacks. In 2023, these attacks affected over 2,700 U.S. organizations, marking a 58% increase from the previous year and underscoring the urgency of compliance.

Despite the clear risks and the mandate for Software Bills of Materials (SBOMs) since May 2021, Lineaje’s survey indicates that 84% of companies have yet to integrate SBOMs into their development process. This gap in action suggests a disconnect between government cybersecurity efforts and industry implementation.

  • 65% of security professionals are unfamiliar with EO 14028.
  • 56% cite security vulnerabilities as their top concern, yet compliance adherence follows at only 22%.
  • 60% use open-source software, but only 16% are confident in its security.

Budget constraints and staffing shortages are cited as primary barriers to securing software and adopting necessary tools, with 45% pointing to budget limitations and 36% to lack of staffing resources.

This report serves as a wake-up call for the industry to prioritize cybersecurity compliance and awareness, as the consequences of inaction could be dire for both individual organizations and national security at large.
