This press release features multimedia. View the full release here: https:\/\/www.businesswire.com\/news\/home\/20250401200753\/en\/<\/a><\/p>\n The Software Supply Chain State of the Union 2025 Report Reveals \u201cQuad-fecta\u201d of Security Exploits, Mis-scored CVEs, Poor ML Model Governance, & more are Jeopardizing Trust in Newly Created Software<\/p>\n<\/div>\n \n“Many organizations are enthusiastically embracing public ML models to drive rapid innovation, demonstrating a strong commitment to leveraging AI for growth. However, over a third still rely on manual efforts to manage access to secure, approved models, which can lead to potential oversights,” said Yoav Landman, CTO and Co-Founder, JFrog. “AI adoption will only grow more rapidly. Thus, in order for organizations to thrive in today\u2019s AI era they should automate their toolchains and governance processes with AI-ready solutions, ensuring they remain both secure and agile while maximizing their innovative potential.”\n<\/p>\n \nManaging and securing the software supply chain end-to-end is an imperative for delivering trusted software releases. By combining insights from over 1,400 development, security and operations professionals across the U.S., U.K., France, Germany, India and Israel, with developer usage data from JFrog\u2019s 7K+ customers, alongside original CVE analysis by the JFrog Security Research team, the JFrog Software Supply Chain State of the Union 2025 report reveals why this task is often challenging for companies amidst the expanding and frenzied threat landscape faced in today\u2019s AI era.\n<\/p>\n Key Report Findings Include:<\/b><\/p>\n \n\u201cWe uncovered a clear pattern by CVE scoring organizations to inflate scores and cause an unnecessary level of panic in the industry, sending developers scrambling on remediation efforts that often results in wasted cognitive and professional time,\u201d said Shachar Menashe, Vice President of Security Research. \u201cWhen DevSecOps teams are forced to remediate vulnerabilities that aren\u2019t ultimately harmful, their everyday workflows are disrupted, which can lead to developer burnout and costly mistakes.\u201d\n<\/p>\n \nThe JFrog Software Supply Chain State of the Union 2025<\/a> report also outlines concerns around lack of code provenance visibility across the software supply chain, developers downloading open source software packages directly from public registries without filtering for vulnerabilities, the detriments of \u201csecurity tool sprawl\u201d, and more. To explore the full findings of this year\u2019s report visit https:\/\/jfrog.com\/software-supply-chain-state-of-union\/<\/a> or read this blog<\/a>.\n<\/p>\n \nYou can also register to join JFrog security and developer experts on Thursday, April 24, 2025 at 9 AM PT for a webinar, \u201cJFrog\u2019s Software Supply Chain Report 2025: Trends, Threats & Actions<\/a>,\u201d detailing the challenges and complexities of managing and securing the software supply chain.\n<\/p>\n Like this Story? Share this on X (a.k.a. Twitter):<\/b> @JFrog shares research findings in their Software Supply Chain State of the Union 2025 report. Discover the emerging #DevSecOps trends, risks & best practices to securing enterprise #SoftwareSupplyChain. Learn more: https:\/\/jfrog.co\/43vkg3Y<\/a> #SoftwareSupplyChain #DevOps #DevSecOps #cybersecurity #containers #CVE\n<\/p>\n About JFrog<\/b><\/p>\n \nJFrog Ltd. (Nasdaq: FROG) is on a mission to power the world with liquid software. We are replacing endless software updates with a single system of record that seamlessly delivers secure applications from developer to device. The JFrog Software Supply Chain Platform helps organizations build, manage, and distribute software quickly and securely, making applications available, traceable, and tamper-proof. Its integrated security features also help identify, protect, and remediate against threats and vulnerabilities. The Platform also brings ML models in line with all other software development processes, providing a single source of truth for all software components across Engineering, MLOps, DevOps, and DevSecOps teams so they can build and release AI applications faster, with minimal risk and less cost. JFrog\u2019s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won\u2019t go back! Learn more at jfrog.com<\/a> and follow us on X: @jfrog.<\/a><\/p>\n![\"The](\"https:\/\/mms.businesswire.com\/media\/20250401200753\/en\/2426717\/4\/SSCSU_2025_1280x960.jpg\")
<\/p>\n\n
![\"Photo\"](\"https:\/\/mms.businesswire.com\/media\/20250401200753\/en\/2426717\/3\/SSCSU_2025_1280x960.jpg\")
<\/td>\n<\/tr>\n![\"Logo\"](\"https:\/\/mms.businesswire.com\/media\/20250401200753\/en\/2343408\/3\/JFrog.jpg\")
<\/td>\n<\/tr>\n