STOCK TITAN

Trimble Launches Forestry One to Connect and Streamline Forestry Operations

Rhea-AI Impact
(Moderate)
Rhea-AI Sentiment
(Positive)
JFrog has released its Software Supply Chain State of the Union 2025 report, revealing critical security challenges in the software industry. The report, based on insights from 1,400+ professionals across six countries and data from 7,000+ customers, identifies a "Quad-fecta" of security threats: CVEs, malicious packages, secrets exposure, and misconfigurations. Key findings include: a 64% YoY increase in exposed secrets/tokens (25,229 total), 6.5x growth in malicious ML models, and concerning statistics showing only 43% of organizations perform both code and binary security scans. The report also highlights that 94% of companies use certified lists for ML artifact governance, but 37% rely on manual efforts. Additionally, there's been a 27% increase in new CVEs, with only 12% of "critical" rated vulnerabilities truly justifying that severity level.

Positive

  • Comprehensive research spanning 1,400+ professionals across 6 countries and 7,000+ customers provides valuable industry insights
  • 94% of companies are implementing certified lists for ML artifact governance
  • JFrog's security research team is actively identifying and analyzing security threats and CVE scoring issues

Negative

  • 64% YoY increase in exposed secrets/tokens in public registries (25,229 total)
  • 6.5x increase in malicious ML models
  • Only 43% of organizations perform both code and binary security scans, down from 56% last year
  • 37% of companies rely on manual efforts for ML model governance
  • 27% increase in new CVEs, outpacing software package growth

Insights

JFrog's report reveals critical security threats affecting software supply chains, including mis-scored vulnerabilities and poor AI/ML governance.

JFrog's comprehensive Software Supply Chain State of the Union 2025 report identifies a concerning "quad-fecta" of security vulnerabilities threatening software integrity: CVEs, malicious packages, exposed secrets, and human errors/misconfigurations. Their research detected 25,229 exposed secrets in public registries, marking a 64% year-over-year increase.

The report highlights a significant disconnect in vulnerability scoring systems. JFrog's security team found only 12% of CVEs rated as "critical" by government organizations actually justify that severity level. This scoring inflation creates unnecessary panic and contributes to developer burnout through wasted remediation efforts.

Particularly alarming is the emerging AI security landscape. With over 1 million new ML models added to Hugging Face in 2024 came a 6.5x increase in malicious models, signaling ML artifacts as an increasingly preferred attack vector. While 94% of companies use certified lists to govern ML usage, 37% rely on manual curation methods—creating dangerous governance gaps.

The research also identified deteriorating security scan practices, with only 43% of organizations applying security scans at both code and binary levels—down from 56% last year. This regression leaves critical blind spots where binary-level vulnerabilities can escape detection.

These findings reveal a software security landscape growing more complex faster than organizations can adapt. The 27% increase in disclosed CVEs (over 33,000) compared to 2023 significantly outpaces the growth rate of new software packages (24.5%), creating mounting pressure on security teams that potentially hampers innovation.

Integrated Platform Delivers Enhanced Visibility, Efficiency and Scalability for Forestry Operations

WESTMINSTER, Colo., May 14, 2025 /PRNewswire/ -- Trimble® (Nasdaq: TRMB) today launched Trimble Forestry One, a comprehensive technology platform built to connect and streamline forestry operations. Unveiled at the Trimble Forestry User Conference, Forestry One enhances forest management by leveraging Trimble's common data environment for seamless integration with Trimble Connected Forest® solutions, while also simplifying regulatory compliance and optimizing supply chain management.

Trimble Forestry One extends the capabilities of Trimble Connected Forest solutions by connecting and leveraging operational, spatial and environmental data to enhance decision-making with forest inventory, harvest planning, logistics and supply chain traceability. The platform enables Trimble customers to address critical technical challenges such as disconnected workflows, siloed data and outdated interfaces, promoting a more connected and collaborative future for forestry.

Key capabilities delivered by Trimble Forestry One include:

  • Robust Data Management: Maintain compliant, standardized and trusted data with enhanced visibility using solutions like Trimble DataSync for cloud storage/retrieval and Trimble DataVuze for API-driven reporting and insights.
  • Unified Inventory Management: Gain a real-time, consolidated view of inventory throughout the procurement supply chain, improving operational control.
  • Streamlined Sourcing & Chain of Custody: Simplify regulatory compliance (including EUDR) and manage timber traceability through Connected Forest Xchange Plus (CFX+) applications, handling ownership, search, import and export of source data.
  • Efficient User Management & Security: Benefit from optimized user onboarding and administration alongside robust security monitoring and controls.
  • End-to-End Timber Tracking: Achieve complete transparency and traceability by tracking timber movements from the forest to the mill.

With Trimble Forestry One, customers in the forest industry can leverage these capabilities to help:

  • Reduce Costs: Optimize operational awareness and planning to reduce costs.
  • Enhance Sustainability: Utilize data-driven insights for environmentally responsible practices and streamlined compliance reporting.
  • Improve Transparency: Build trust with traceable supply chains and faster validation of activities.
  • Reduce Risk: Minimize exposure to unforeseen events through proactive monitoring and data-informed decision-making.

"Trimble Forestry One represents a significant leap forward in technology and workflow enhancement for the forest industry," said Kevin Toohill, general manager, Forestry at Trimble. "Our goal is to transform how the sector operates by providing a unified platform that enhances collaboration, streamlines workflows and leverages the power of data to drive informed decisions."

Availability
Trimble Forestry One is now available to customers worldwide. To learn more about Trimble Forestry One, visit https://forestry.trimble.com/ or email forestrysales@trimble.com.

About Trimble
Trimble is a global technology company that connects the physical and digital worlds, transforming the ways work gets done. With relentless innovation in precise positioning, modeling and data analytics, Trimble enables essential industries including construction, geospatial and transportation. Whether it's helping customers build and maintain infrastructure, design and construct buildings, optimize global supply chains or map the world, Trimble is at the forefront, driving productivity and progress. For more information about Trimble (Nasdaq: TRMB), visit: www.trimble.com.


FAQ

What are the main security threats identified in JFrog's 2025 Software Supply Chain report?

The report identifies a 'Quad-fecta' of security threats: CVEs (Common Vulnerabilities and Exposures), malicious packages, secrets exposure, and misconfigurations/human errors.

How much has the number of exposed secrets increased according to JFrog's 2025 report?

JFrog's Security Research Team detected a 64% year-over-year increase in exposed secrets/tokens in public registries, totaling 25,229 exposures.

What percentage of organizations perform comprehensive security scans according to JFrog?

Only 43% of organizations perform both code and binary level security scans, down from 56% the previous year.

How accurate are critical CVE ratings according to JFrog's 2025 report?

Only 12% of CVEs rated as 'critical' (CVSS 9.0-10.0) by government organizations actually justify that severity level according to JFrog's analysis.

What is the state of ML model governance in 2025 according to JFrog's report?

While 94% of companies use certified lists to govern ML artifact usage, 37% rely on manual efforts to curate and maintain their lists of approved ML models.