The challenge
Red Hat was seeking to understand the current state of software supply chain security maturity. In addition, they wanted to develop a rigorous series of metrics that could be used to benchmark developer and organisation-level performance on an ongoing basis to assess developments in the market.
The approach
SlashData worked closely with Red Hat to understand the research objectives and designed a 30-question survey that covered all the topics relevant to assessing software supply chain maturity, such that they could be converted into a metric during analysis. Then, SlashData gathered responses from 800+ professional developers working throughout the software supply chain. Following survey outreach, SlashData developed a methodology that allowed the information from all the survey questions to be represented into a single metric used to benchmark developer and organisational maturity. From this, we could identify the areas where organisations were struggling most, as well as identify important KPIs that demonstrated the importance of a mature approach to software supply chain security.
The result
SlashData produced a thorough and detailed report summarising our findings into the four areas of the software supply chain. Security performance metrics were developed for each, which were then combined into a single metric that could be used to produce an overall assessment of organisation security maturity. Further to understanding the current state of security practices, it also allowed us to understand why organisation leaders should care about this beyond just regulation and data exposure reasons.
How mature security practices in dependency management reduce the time to respond to vulnerabilities in third-party code.
How mature security practices in code creation reduce the time to respond to vulnerabilities in first-party code.
How mature security practices in build and delivery process reduce the time to respond to vulnerabilities in build processes.
How mature automation practices reduce the time to respond to vulnerabilities in builds.
How mature security remediation practices reduce the time to respond to vulnerabilities in production environments.
How developers with low software supply chain security maturity are often unaware of their poor performance and the risks this creates.
How more mature practices across all areas are associated with the detection and addressing of more vulnerabilities.
How business leaders can improve their organisation's software supply chain security.
Why SlashData
SlashData, acting as a full-service market research partner, helped Red Hat go from its research intention to an actionable and reliable understanding of the current state of software supply chain security. SlashData was able to leverage its deep bench of analyst expertise to develop a custom solution to Red Hat’s needs. SlashData’s expertise in crafting insights allowed Red Hat to ensure that the deliverables were targeted at the specific audience they were trying to reach.
SlashData was able to tap into its own developer community, as well as selected third-party sample providers, to distribute an online survey that reached respondents who precisely matched the client’s target audience. The survey was hosted on SlashData’s proprietary survey platform, which enables in-depth data cleansing through the advanced metadata it collects.
The findings were made publicly available in the form of a thought-leadership report, while we also delivered them as an e-book for Red Hat.
Are you interested in creating a thought-leading industry report together? Get in touch.