
The Growing Urgency for Autonomous, Continuous Software Supply Chain Security, at Scale

September 22, 2025

As summer comes to a close, we're reflecting on the industry insights reported and discussed over the last few months and what it means for the future of software supply chain security.

Every summer, Black Hat gives us a clear picture of the cybersecurity industry's most pressing challenges. This year, the overwhelming focus was on software supply chain security—and for good reason. With a staggering 91% of organizations experiencing a software supply chain incident in 2024, the urgency is undeniable.

Black Hat isn’t just a snapshot of the present; it serves as a launchpad for what’s next. The threats that dominated conversations at this year’s conference are the same ones that will define security today, tomorrow and beyond. The software supply chain attack surface remains one of the industry’s most critical security challenges: it keeps growing, and it has become more complex in the age of AI.

The State of Software Supply Chain Security And AI 

During Black Hat, Lineaje hosted a Software Supply Chain Summit where one theme stood out above the rest: How organizations can harness AI for more effective and efficient security as bad actors weaponize AI against us. Our CEO and Co-founder, Javed Hasan, noted in his opening remarks that the industry must shift from reactive security to proactive security and embed it into every phase of development. 

The urgency was echoed by Melinda Marks, Practice Director, Cybersecurity, at Enterprise Strategy Group (ESG), who presented findings from The State of Cloud Security Platforms and DevSecOps report. According to the report, the top two concerns that security leaders grapple with today are artificial intelligence (AI) and the software supply chain. Despite widespread adoption of static application security testing (SAST) tools, foundational gaps remain. The report reinforced Javed’s point and highlighted the importance of securing code from the outset, particularly for AI applications, optimizing developer workflows, and using software bills of materials (SBOMs) to gain both security and efficiency. 

Other panel discussions, featuring experts from IDC, Schneider Electric, Singulr AI, and more, doubled down on how disruptive AI is becoming. Panelists warned that vibe coding, generating code with AI and shipping it without guardrails such as review, testing or dependency checks, is already a reality. Code produced this way often carries vulnerabilities that will only surface in future breaches. Gartner’s recent Hype Cycle for Application Security 2025 confirmed the dangers of vibe coding and revealed, “By 2027, at least 30% of application security exposures will result from usage of vibe coding practices.” When discussing the topic, Richard Bird, Chief Security Officer from Singulr AI, bluntly said, “It will take living through the next headline breach to drive change.” 

Looking forward, it’s clear that reactive fixes won’t suffice. The shift-left slogans of a few years ago are not enough on their own; visibility into what is actually in the software must be a top priority before a crisis forces our hands. 

The Industry Agrees: The Time to Act is Now 

Recent analyst research also underscores the need for adopting more proactive practices, and highlights some of the most persistent challenges organizations face in securing their software supply chains.

Here are some of the latest analyst-supported software security trends: 

1. Software supply chain risks begin with choosing code.

Although over 90% of modern codebases include open-source software, Gartner’s 3 Steps for Assessing an Open-Source Software Project reveals that “organizations lack the understanding of what in their inventory even is open-source software,” highlighting visibility gaps that create vulnerabilities. To close those gaps, Gartner highlighted Lineaje as a leader in open-source software assessment with solutions that help organizations gain deep visibility into packages, libraries, and artifacts to strengthen resilience and trust across the entire software supply chain. 

2. Most organizations lack a complete understanding of software supply chain security and haven’t adopted a comprehensive approach.

Gartner’s Hype Cycle for Application Security 2025 revealed that “many organizations are focused on acquiring SBOMs but have yet to establish how those artifacts will be evaluated, stored and used.” While organizations are making a focused effort to strengthen defenses, “efforts to secure the integrity and provenance of software artifacts throughout the software supply chain are emerging but are uneven in scope, execution and adoption.” In the report, Lineaje is recognized as a leader in “Curated Open Source Software Catalogs” and “Reachability Analysis.” All of Lineaje’s solutions are tailored to help organizations move beyond vulnerability identification to proactive risk mitigation, including ensuring the integrity of open-source dependencies with its Gold Open Source catalog. 

3. Curated open-source catalogs are not just a security measure; they significantly enhance developer productivity.

With pre-vetted, trusted components in integrated catalogs, organizations can maintain developer autonomy and create easy pathways for software delivery according to Gartner’s Hype Cycle for Software Engineering 2025. Lineaje’s Gold Open Source was also recognized in this report for aligning both governance and developer experience to help organizations scale software safely. 

4. An increasing number of software engineering teams are now responsible for addressing software supply chain security needs and are prioritizing the use of software supply chain security tools.

According to Gartner’s Market Guide for Software Supply Chain Security report, “By 2028, 85% of software engineering teams in large enterprises will have deployed software supply chain security tools, up from 60% in 2025.” The shift reflects an industry trend: software risks can’t be managed by security teams alone. Managing them requires coordination with developers and the tools they already use. In the guide, Lineaje is mentioned as a “Representative Vendor Offering Stand-Alone Software Supply Chain Security Capabilities,” highlighting its product, SBOM360. SBOM360 is the industry’s first SBOM Manager supporting full life-cycle management of thousands of SBOMs for all software you source. It helps ensure all software meets established security policies and compliance mandates automatically. Software producers and consumers can search the software inventory for newly disclosed vulnerabilities in seconds. 
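To make the two preceding points concrete, what it means to actually evaluate, store and use an SBOM (point 2) and to search a stored inventory for a newly disclosed vulnerable package (point 4), here is a small Python example written for this post. It is not Lineaje code and is not how SBOM360 is implemented. The CycloneDX document, the policy (required fields and a license denylist) and the advisory record (log4j-core fixed in 2.17.1) are all constructed for the illustration, and the version comparison assumes plain dotted numeric versions.

```python
"""Evaluate a CycloneDX SBOM against a simple policy and query it for a
newly announced affected package.

Added example, not Lineaje or SBOM360 code. The SBOM text, the policy and
the advisory below are constructed for illustration only."""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.5 JSON document standing in for one stored SBOM.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0",
     "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"type": "library", "name": "leftpad-clone", "version": "1.0.0",
     "purl": "pkg:npm/leftpad-clone@1.0.0",
     "licenses": [{"license": {"id": "AGPL-3.0-only"}}]},
    {"type": "library", "name": "internal-utils", "version": "0.3.2"}
  ]
}
"""

# Hypothetical policy: every component must carry a purl and license data,
# and copyleft-network licenses are not allowed in shipped software.
POLICY = {
    "required_fields": ("purl", "licenses"),
    "denied_licenses": {"AGPL-3.0-only", "SSPL-1.0"},
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric versions only (assumption); non-digit text in a part is
    dropped, so '2.14.1-rc1' compares as (2, 14, 1)."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True if a < b after padding to equal length, so 2.17 == 2.17.0."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def load_sbom(text: str) -> dict:
    """Parse and sanity-check a CycloneDX JSON SBOM before storing it."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX" or "components" not in sbom:
        raise ValueError("not a CycloneDX SBOM with a components list")
    return sbom


def index_components(sbom: dict) -> Dict[str, List[dict]]:
    """Inventory keyed by lower-cased component name: the 'stored' form that
    turns a later advisory search into a lookup instead of a full scan."""
    index: Dict[str, List[dict]] = {}
    for comp in sbom["components"]:
        index.setdefault(comp["name"].lower(), []).append(comp)
    return index


def find_affected(index: Dict[str, List[dict]], name: str, fixed_version: str) -> List[dict]:
    """Components named `name` whose version is below the advisory's fix."""
    return [c for c in index.get(name.lower(), [])
            if version_lt(c.get("version", "0"), fixed_version)]


def evaluate_policy(sbom: dict, policy: dict = POLICY) -> List[Tuple[str, str]]:
    """Return (component, reason) findings for missing fields and denied licenses."""
    findings = []
    for comp in sbom["components"]:
        label = f"{comp['name']}@{comp.get('version', '?')}"
        for field in policy["required_fields"]:
            if not comp.get(field):
                findings.append((label, f"missing {field}"))
        for lic in comp.get("licenses", []):
            lic_id = lic.get("license", {}).get("id") or lic.get("expression")
            if lic_id in policy["denied_licenses"]:
                findings.append((label, f"denied license {lic_id}"))
    return findings


if __name__ == "__main__":
    sbom = load_sbom(SBOM_JSON)
    inventory = index_components(sbom)
    # Constructed advisory: log4j-core below 2.17.1 is affected.
    for hit in find_affected(inventory, "log4j-core", "2.17.1"):
        print("AFFECTED:", hit["purl"])
    for label, reason in evaluate_policy(sbom):
        print("POLICY:", label, reason)
```

Two things a practitioner would change before relying on this: the version comparison must follow the ecosystem's own ordering rules (Maven, PEP 440, semver pre-release tags all differ), and a real inventory would index purls across thousands of stored SBOMs in a database rather than one in-memory dict. The shape, though, is the point: an SBOM that is only acquired answers no questions; one that is parsed, indexed and checked against policy answers "are we exposed to this advisory?" with a lookup.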

5. The most successful software supply chain security startups are future-forward.

In Gartner’s Emerging Tech: Techscape for Startups in Cloud and Application Security report, the authors concluded that “the most successful software supply chain security startups are not merely improving existing tools; they are architecting the future of secure software development.” Lineaje was spotlighted in this report for its AI-driven innovations and positioned alongside some of the top-funded software supply chain security companies, standing out for agentic AI-powered self-healing agents that can autonomously secure source code, containers, and open-source code. 

All together, these findings show that while lack of visibility and uneven adoption still leave organizations vulnerable, the groundwork is being laid for a future where AI-powered holistic solutions can transform software supply chain security into a proactive strategy. 

Looking Ahead: How to Prepare Today 

It’s clear that the next two years will be pivotal in software supply chain security. Organizations need to prove the integrity, provenance and continuous security of every component in their software ecosystem. The future demands autonomous, continuous software security across the entire development and distribution lifecycle, at scale. 

That’s where Lineaje comes in. 

Our full-lifecycle suite of products equips enterprises with the tools to use only safe OSS packages and images, gain deep visibility into every software component, autofix source code and containers, dynamically manage SBOMs and third-party vendor software risks, and achieve self-healing software supply chains. This strategic approach to securing critical software reduces the burden on security and DevOps teams, empowers developers to focus on innovation, prevents threats before they become issues, and puts organizations onto a viable path to delivering vulnerability-free software. 

Schedule a demo to learn more.
