ChannelLife UK - Industry insider news for technology resellers

Lineaje survey reveals software supply chain security gaps

Yesterday

Lineaje has released findings from a survey of cybersecurity professionals, uncovering a significant gap between confidence and actual preparedness in securing software supply chains.

The survey, conducted with 100 cybersecurity experts, highlighted that while 32% of respondents believe delivering zero-vulnerability software is possible, the majority—68%—express uncertainty about being able to achieve this outcome. The study points to "critical blind spots in organisations' software supply chain defences," according to Lineaje.

The research indicates that despite increasing regulatory pressure around Software Bill of Materials (SBOM) requirements, many organisations remain behind on compliance. Almost half (48%) of surveyed professionals admitted falling short of meeting SBOM mandates, including those set out in Executive Order 14028 in the United States and the European Union's Cyber Resilience Act.

SBOM adoption is challenged by both visibility and capability constraints. The report found that 34% of respondents struggle to accurately identify and track open-source components in their software, despite over 90% of modern codebases relying on these dependencies. This lack of transparency is significant given that 95% of software security weaknesses are linked to open-source code.

The survey referenced a recent security issue involving the easyjson open-source library, which highlighted the ongoing risks of integrating open-source software from external developers. This vulnerability, traced back to Russian developers, underscored the complex and multifaceted risks facing organisations dependent on open-source components.

Many organisations are early in their journey with SBOM integration, with 47% either not having started or still evaluating appropriate tools and practices. This lag in compliance could leave companies exposed to substantial fines, data protection failures, and lost business opportunities with security-conscious clients.

Regarding vulnerability management, 38% of respondents stated that their teams prioritise the most vulnerable areas of their applications, potentially leaving less critical areas unaddressed. This practice poses significant risks, according to Lineaje, as recent advancements in artificial intelligence allow attackers to exploit vulnerabilities throughout an application, regardless of initial prioritisation. The survey reported that AI systems like GPT-4 can generate exploits for 87% of known vulnerabilities, increasing the risks if organisations do not achieve comprehensive software supply chain visibility.

The report also found that 29% of security teams lack the tools and processes needed to analyse SBOMs for vulnerabilities. This deficiency limits their capacity to correlate SBOM data with known threats or automate risk prioritisation, potentially giving malicious actors a wider window of opportunity for exploitation.

Artificial intelligence is rapidly becoming both a solution and a risk factor within the sector. The vast majority (88%) of survey respondents see AI as transformative for supply chain security, particularly with the adoption of AI-powered auto-remediation tools. At the same time, 35% cited data privacy as a top concern, and 26% pointed to the risks associated with AI code generation and "vibe coding"—a trend in which machine-generated code increases the attack surface.

Despite this enthusiasm for AI-driven solutions, organisations are not always prepared for scenarios where no vulnerability fix is available: 70% of respondents said their teams either have no response plan or are unsure whether such a plan exists.

Javed Hasan, Chief Executive Officer and Co-founder of Lineaje, commented: "RSA's theme this year, 'Many Voices. One Community,' emphasized the importance of shedding light on the challenges facing all security professionals. It is heartening to note that security professionals are more aware of security drivers around AI innovations, open-source risks, and increasing regulations."

He added: "However, driving safer digital infrastructure requires more action tied to this awareness. Organizations must leverage holistic solutions that can provide visibility into all code, and fix them at the velocity of digital transformations - so teams can innovate instead of playing catch-up."
