Gartner Hype Cycle for Application Security, 2023

"40% to 80% of the lines of code in new software projects come from third parties (for example, runtime, libraries, components and software development kits [SDKs])," according to Gartner®. "Most of this external code comes from myriad open-source projects; the remaining proprietary code comes from suppliers that provide little or no transparency to its status or condition."

The software and firmware that power today's connected devices come with real supply chain risks. That's where SBOMs come in.

How do Software Bills of Materials confront the challenges that arise with shared open-source and third-party software? How can SBOMs help organizations track and mitigate vulnerabilities, and identify and analyze compliance violations? 

In the 2023 Hype CycleTM for Application Security, Gartner® explores the business impact and drivers of SBOM and why it is important, along with user recommendations. 

As today’s organizations grapple with the benefits and risks of incorporating open-source and third-party software within their connected devices, product security and risk management professionals seek solutions that:

  • Reduce product security risk 
  • Shorten time to market
  • Automate Incident Response
  • Mitigate supply chain risk
  • Assist with compliance requirements

SBOMs represent a critical first step in discovering vulnerabilities and weaknesses within your products and the devices you procure from your software supply chain.

We are named in this Gartner® Hype CycleTM, which you can read to learn why the seamless integration of SBOMs into software development, packaging, and release activities will be critical for their widespread adoption. 

Gartner®, Hype CycleTM for Application Security, 2023, 24 July 2023, Pgs. 31-35. By Dionioso Zumerle

GARTNER is a registered trademark and service mark of Gartner® and Hype CycleTM is a registered trade mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Gartner® does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner® research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner® disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 


Download the Report