Report by Lineaje
Software Supply Chain Security Survey: RSAC 2025 Attendees Report Gap Between Confidence and Readiness
Key Findings
GPT-4 can write exploits for 87% of known vulnerabilities.
95% of software weaknesses are directly attributable to open-source code.
26% of security professionals said AI code generation and vibe coding risks were the most pressing or high-stakes issue AI creates for organizations today.
35% of security professionals said data security and privacy risks were the most pressing or high-stakes issue AI creates for organizations today.
Nearly a third (29%) of teams still lack the tools and processes needed to analyze SBOMs for vulnerabilities.
Over 90% of modern codebases are built upon open-source dependencies.
Almost all (88%) of respondents reported that AI has the potential to critically or significantly enhance software supply chain security visibility.
70% of respondents admitted that when a fix is not available for a vulnerability, they either don’t have, or are not sure whether they have, a remediation plan in place.
32% of security professionals think they can deliver zero-vulnerability software.
47% of security professionals have not started SBOM integration or are presently evaluating tools and practices.
A substantial 34% of security professionals reported difficulty in accurately identifying and tracking open-source components.
68% of security professionals feel uncertain about achieving the near-impossible outcome of zero-vulnerability software.
Almost half (48%) of security professionals are falling behind global SBOM compliance regulations.
38% of respondents noted they prioritize the most vulnerable areas within their applications.