The rapid rise of artificial intelligence, more specifically, generative AI systems such as OpenAI’s ChatGPT, has simultaneously spurred intense development and concern over the past year. On the 30th of October, President Joe Biden signed an Executive Order that urges new federal standards for AI development, safety, security, and trustworthiness that also address many other facets of AI risk.
The software supply chain today runs differently than it did just five years ago. The number of available tools, languages, and packages used have exploded. Further, the growing mix of OSS packages puts organizations at risk of outdated software, untracked dependencies, and non-compliant licenses. To add to the chaos, teams are now increasingly distributed and greater in number. All of this dramatically increases the number of inputs within the software supply chain.
With the proliferation of CVEs (Common Vulnerabilities and Exposures), we have witnessed a remarkable surge in associated risks over the past five years. 2022 was a record-breaking year with 25,096 new CVEs found, the most discovered CVEs ever. Unfortunately, 2023 is on track to beat that record.
