We combined responses from 1,200 Security, Development,
and Ops professionals, analysis from the JFrog Security
Research team, and Artifactory data to understand the state
of software supply chain security. 

Here’s a sample of the findings: 

– The open-source supply chain is exploding with hundreds
of thousands of new packages added in 2023. 

– Organizations need better ways to prioritize remediation
with 85% of Critical CVEs examined reduced in severity by
the JFrog Security Research team. 

– Security tool sprawl is impacting developer efficiency with
up to 25% of time spent on security remediation. 

– Organizations would rather use AI for security than trust
it to write code.