
Lineaje Survey Exposes Gap Between Software Supply Chain Security Confidence and Actual Readiness


Business Wire

The new research, conducted at RSA Conference 2025, reveals uncertainty, complexity, blind spots, and a readiness for impactful AI adoption in securing software supply chains

SARATOGA, Calif.: Lineaje, the full-lifecycle software supply chain security company, today released new research revealing that 32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near-impossible outcome. No matter how confident respondents may initially seem, the survey, conducted at RSA Conference 2025, highlights critical blind spots in organizations’ software supply chain defenses.

SBOM Adoption Lags Despite Regulatory Pressure

While Software Bill of Materials (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption. Notably, some organizations do not have enough visibility, while others struggle with insufficient tools and processes. A survey of 100 cybersecurity experts confirmed this critical challenge, revealing the overwhelming and ultimately crippling nature of managing SBOMs in a vacuum.

The urgency of this cannot be overstated, especially given that over 90% of modern codebases are built upon open-source dependencies, and 95% of software weaknesses are directly attributable to this code. A substantial 34% reported difficulty in accurately identifying and tracking open-source components, revealing a critical blind spot where developers and security professionals remain unaware of the elements they are integrating into their software supply chains. The recent easyjson open-source vulnerability, which has been traced back to Russian developers, is the latest incident emphasizing the significant and multifaceted risks inherent in reliance on open-source components.

Despite the lack of visibility, the RSA survey found that almost half (48%) of security professionals are falling behind global SBOM compliance regulations, including the U.S. Office of Management and Budget (OMB) Memo M-22-18, Executive Order 14028, and the EU Cyber Resilience Act. Lack of compliance opens organizations up to significant fines and potential data breaches, and hurts security-minded customer prospects. 47% have not started SBOM integration or are presently evaluating tools and practices, despite legislation potentially opening their organizations up to legal and financial penalties.

Security Professionals in Need of Full-Lifecycle Visibility

In addition, 38% of respondents noted they prioritize the most vulnerable areas within their applications. While this may sound positive at first, it means they are leaving the supposedly less vulnerable areas within the software supply chain open to attack. With advancements in AI, all vulnerabilities are now exploitable. For example, GPT-4 can write exploits for 87% of known vulnerabilities. Without full visibility into all of the software supply chain’s dependencies, many organizations are likely underestimating risks.

Unfortunately, nearly a third (29%) of teams still lack the tools and processes needed to analyze SBOMs for vulnerabilities. Without the ability to correlate SBOM data with known weaknesses or automate risk prioritization, organizations face slower threat response, widening the window of opportunity for attackers to exploit security weaknesses.

AI Adoption Increases Productivity and Attack Surface

Almost all (88%) respondents reported that AI has the potential to critically or significantly enhance software supply chain security visibility. For example, we’ve seen a big uptick in organizations’ desire to use AI for auto-remediation. This readiness to adopt AI to secure code is driven by the rapid adoption of AI by developers to create code.

When asked what the most pressing or high-stakes issues that AI is creating for organizations today are, the top two responses were data security and privacy risks (35%), and AI code generation and vibe coding risks (26%). This makes a lot of sense given that practices like AI code generation and vibe coding significantly increase the software supply chain attack surface. AI-powered auto-remediation is a great tool in combating this increased risk; however, it is limited to vulnerabilities for which fixes are available. 70% of respondents admitted that when a fix is not available for a vulnerability, they either don’t have or are not sure if they have a remediation plan in place.

“RSA’s theme this year, ‘Many Voices. One Community,’ emphasized the importance of shedding light on the challenges facing all security professionals. It is heartening to note that security professionals are more aware of security drivers around AI innovations, open-source risks, and increasing regulations,” said Javed Hasan, CEO and Co-founder, Lineaje. “However, driving safer digital infrastructure requires more action tied to this awareness. Organizations must leverage holistic solutions that can provide visibility into all code, and fix them at the velocity of digital transformations - so teams can innovate instead of playing catch-up.”

See the full survey results here.

About Lineaje

Lineaje provides full-lifecycle software supply chain security to meet the specific compliance, governance and efficiency needs of companies that source, build or buy critical software. Its technology results in continuous protection by allowing users to prevent attacks, tampers and other issues at the source, contextualize and prioritize risks, and implement fixes at any stage of the development lifecycle. Customers use Lineaje to deliver zero-vulnerability code, comply with key regulations, manage SBOMs, assess third-party vendor risks, correlate risk data to better inform responses and build self-healing software supply chains. The company is trusted by top technology, financial and public sector organizations that need to secure and manage critical code, complex software supply chains and large software portfolios.

Know your application with Lineaje’s full-lifecycle software supply chain security. Learn more at https://www.lineaje.com, read our blog and follow on LinkedIn.

Source: Business Wire
