Report by Black Duck

Navigating Software Supply Chain Risk in a Rapid-Release World

11 findings. Published Dec 17, 2025.

Key Findings

54% of organizations using at least four compliance controls remediate critical vulnerabilities within a day.

Tags: Compliance Controls, Vulnerability Management, Critical Vulnerabilities, Critical Vulnerability Remediation

76% of organizations check AI code for security risks.

Tags: AI Code, Software Development, AI Code Security Risks, Vulnerability Management

Organizations that effectively track and manage open source dependencies are 85% more prepared to secure open source software compared to the overall average of 57%.

Tags: Open Source, Software Security, Open Source Dependencies, Vulnerability Management

63% of respondents that prioritize SBOM validation say they're highly prepared to evaluate third-party software.

Tags: Third-Party Software Security, Software Supply Chain, SBOM Validation, Vulnerability Management

60% of organizations that perform automatic continuous monitoring report remediating critical software vulnerabilities within a day.

Tags: Vulnerability Management, Software Development, Automatic Continuous Monitoring, Critical Software Vulnerabilities

Only 24% of organizations have adopted comprehensive strategies to secure AI-generated code.

Tags: AI-Generated Code, Software Development, AI-Generated Code Security, Vulnerability Management

35% of respondents cite interpreting and operationalizing complex regulatory requirements as their biggest challenge.

Tags: Compliance, Regulatory

Only 45% of the full respondent pool say they remediate critical software vulnerabilities within a day.

Tags: Vulnerability Management, Critical Software Vulnerabilities, Critical Software Vulnerability Remediation

59% of respondents that prioritize SBOM validation typically respond to critical software vulnerabilities within one day.

Tags: SBOM, SBOM Validation, Vulnerability Management

95% of surveyed organizations reported using AI tools in software development.

Tags: AI Tools, Software Development

49% of organizations using at least three compliance controls remediate critical vulnerabilities within a day.

Tags: Compliance Controls, Vulnerability Management, Critical Vulnerabilities, Critical Vulnerability Remediation