We combined responses from 1,200 Security, Development,
and Ops professionals, analysis from the JFrog Security
Research team, and Artifactory data to understand the state
of software supply chain security.
Here’s a sample of the findings:
– The open-source supply chain is exploding, with hundreds
of thousands of new packages added in 2023.
– Organizations need better ways to prioritize remediation,
with 85% of the Critical CVEs examined reduced in severity by
the JFrog Security Research team.
– Security tool sprawl is impacting developer efficiency, with
up to 25% of time spent on security remediation.
– Organizations would rather use AI for security than trust
it to write code.