JFrog has released its Software Supply Chain State of the Union 2025 report, detailing security challenges across the software industry. The report, based on a survey of 1,400+ development, security and operations professionals across six countries and usage data from 7,000+ customers, identifies a "Quad-fecta" of security threats: CVEs, malicious packages, secrets exposure, and misconfigurations. Key findings include a 64% year-over-year increase in exposed secrets/tokens found in public registries (25,229 in total), a 6.5x increase in malicious ML models, and the statistic that only 43% of organizations scan at both the code and binary level. The report also notes that 94% of companies use certified lists to govern ML artifacts, but 37% of those maintain the lists manually. Finally, new CVEs rose 27%, while only 12% of CVEs rated "critical" (CVSS 9.0-10.0) were found to justify that severity once the likelihood of exploitation is considered.
Positive
  • Comprehensive research spanning 1,400+ professionals across 6 countries and 7,000+ customers provides valuable industry insights
  • 94% of companies are implementing certified lists for ML artifact governance
  • JFrog's security research team is actively identifying and analyzing security threats and CVE scoring issues
Negative
  • 64% YoY increase in exposed secrets/tokens in public registries (25,229 total)
  • 6.5x increase in malicious ML models
  • Only 43% of organizations perform both code and binary security scans, down from 56% last year
  • 37% of companies rely on manual efforts for ML model governance
  • 27% increase in new CVEs, outpacing software package growth

Insights

JFrog's report reveals critical security threats affecting software supply chains, including mis-scored vulnerabilities and poor AI/ML governance.

JFrog's comprehensive Software Supply Chain State of the Union 2025 report identifies a concerning "quad-fecta" of security vulnerabilities threatening software integrity: CVEs, malicious packages, exposed secrets, and human errors/misconfigurations. Their research detected 25,229 exposed secrets in public registries, marking a 64% year-over-year increase.
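Detecting exposed secrets before a package reaches a public registry is the check the figure above argues for. The Python below is an added illustration (not JFrog's scanner or any of its code): a small pre-publish scanner that walks a package's files, matches documented credential formats, applies a Shannon-entropy gate to generic `key = value` matches so placeholders like `changeme` are not reported, and redacts what it reports. The rules, thresholds and the sample package contents are constructed for the example; the AWS values are the placeholder credentials from AWS's own documentation.

```python
import math
import re
from collections import Counter

# Detection rules (illustrative, not JFrog's). The fixed-prefix rules use the
# documented public shape of each credential; the generic rule catches
# "key = <long opaque value>" assignments and is gated by entropy below.
FIXED_RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("aws-secret-access-key", re.compile(
        r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[:=]\s*['\"]?([A-Za-z0-9/+=]{40})")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("private-key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")),
]
GENERIC_RULE = ("generic-assignment", re.compile(
    r"(?i)(?:api[_-]?key|secret|token|password)\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{20,})"))
MIN_ENTROPY = 3.5  # bits/char: repeated words score ~3, random base64 scores 4.5+


def shannon_entropy(value: str) -> float:
    """Bits per character; 0.0 for an empty or single-symbol string."""
    if not value:
        return 0.0
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def redact(value: str) -> str:
    """Keep just enough of the match to locate it without re-leaking it."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def scan_file(path: str, text: str) -> list[dict]:
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        hit = False
        for rule, rx in FIXED_RULES:
            for m in rx.finditer(line):
                value = m.group(1) if m.groups() else m.group(0)
                findings.append({"path": path, "line": lineno, "rule": rule, "match": redact(value)})
                hit = True
        if hit:
            continue  # don't report the same credential again under the generic rule
        rule, rx = GENERIC_RULE
        for m in rx.finditer(line):
            value = m.group(1)
            if shannon_entropy(value) < MIN_ENTROPY:
                continue  # low-entropy placeholders such as 'changeme_changeme_changeme'
            findings.append({"path": path, "line": lineno, "rule": rule, "match": redact(value)})
    return findings


def scan_package(files: dict[str, str]) -> list[dict]:
    """files maps path -> text, e.g. the contents of the archive about to be published."""
    return [f for path, text in files.items() for f in scan_file(path, text)]


# Constructed sample package contents. The AWS values are the placeholder
# credentials from AWS's documentation; the other values are made up here.
SAMPLE_PACKAGE = {
    "mypkg/__init__.py": "VERSION = '1.4.2'\n",
    "mypkg/config.py": (
        "DB_HOST = 'db.internal'\n"
        "DB_PASSWORD = 'changeme_changeme_changeme'\n"
        "API_KEY = 'sk_live_4eC39HqLyjWDarjtT1zdp7dc'\n"
    ),
    ".env": (
        "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
        "AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
    ),
    "scripts/deploy.sh": "export GITHUB_TOKEN=ghp_A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6Q7r8\n",
    "README.md": "Set API_KEY to your key before running.\n",
}

if __name__ == "__main__":
    for f in scan_package(SAMPLE_PACKAGE):
        print(f"{f['path']}:{f['line']}: {f['rule']} ({f['match']})")
```

Run it as a release gate (fail the publish when `scan_package` returns anything) on the exact artifact being uploaded rather than on the source tree, since build steps routinely copy `.env` files and deploy scripts into the archive. The fixed-format rules have near-zero false positives; the generic rule trades some noise for catching credentials with no recognisable prefix, which is why it is entropy-gated and suppressed on lines a fixed rule already matched.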

The report highlights a significant disconnect in vulnerability scoring. JFrog's security team found that only 12% of CVEs rated "critical" (CVSS 9.0-10.0) by government organizations are actually likely to be exploited and therefore justify that severity level. The report argues that this score inflation creates unnecessary alarm and contributes to developer burnout through wasted remediation effort.

Particularly alarming is the emerging AI security landscape. With over 1 million new ML models added to Hugging Face in 2024 came a 6.5x increase in malicious models, signaling ML artifacts as an increasingly preferred attack vector. While 94% of companies use certified lists to govern ML usage, 37% rely on manual curation methods—creating dangerous governance gaps.
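Both the growth in malicious models and the manual curation of approved-model lists come down to one gate: before a model artifact is loaded, check that it is on the certified list and that it cannot execute code. Pickle-based checkpoints are the classic case, because unpickling runs whatever callables the stream names. The Python below is an added example, not JFrog's code or its platform's implementation: it lists the globals a pickle would import using `pickletools` (so nothing is ever executed), compares them against an assumed allowlist, and checks the artifact's SHA-256 against an assumed certified-digest set. The benign checkpoint and the two malicious payloads are constructed here.

```python
import collections
import hashlib
import pickle
import pickletools

# Assumed allowlist of globals a plain checkpoint legitimately needs. In practice
# it is generated from known-good models, not written by hand.
ALLOWED_GLOBALS = {
    "collections.OrderedDict",
    "torch._utils._rebuild_tensor_v2",
    "torch.FloatStorage",
}


def imported_globals(data: bytes) -> list[str]:
    """List every module.name the pickle would import on load, without loading it.

    Handles GLOBAL/INST (protocol <= 3) and STACK_GLOBAL (protocol >= 4), where the
    module and attribute name are the two string pushes preceding the opcode,
    possibly fetched back from the memo.
    """
    found, pushed, memo, last = [], [], {}, None
    for opcode, arg, _pos in pickletools.genops(data):
        name = opcode.name
        if name in ("GLOBAL", "INST"):
            module, attr = arg.split(" ", 1)
            found.append(f"{module}.{attr}")
            last = None
        elif name == "STACK_GLOBAL":
            if len(pushed) >= 2:
                found.append(f"{pushed[-2]}.{pushed[-1]}")
            last = None
        elif name == "MEMOIZE":
            memo[len(memo)] = last          # protocol 4 memo slots are sequential
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if isinstance(last, str):
                pushed.append(last)
        elif isinstance(arg, str) and ("STRING" in name or "UNICODE" in name):
            pushed.append(arg)
            last = arg
        elif name not in ("PROTO", "FRAME"):
            last = None                     # any other opcode does not push a string
    return found


def verify_model(data: bytes, approved_digests: set[str]) -> tuple[bool, list[str]]:
    """Gate a model artifact: its digest must be on the certified list AND its pickle
    must import nothing outside ALLOWED_GLOBALS (a certified digest can be revoked
    later, and the scan catches what the list missed)."""
    reasons = []
    digest = hashlib.sha256(data).hexdigest()
    if digest not in approved_digests:
        reasons.append(f"sha256 {digest[:12]}... is not on the approved list")
    unexpected = sorted(set(imported_globals(data)) - ALLOWED_GLOBALS)
    if unexpected:
        reasons.append("unapproved imports: " + ", ".join(unexpected))
    return not reasons, reasons


# Constructed benign checkpoint (protocol 4, which encodes the class via STACK_GLOBAL).
BENIGN_MODEL = pickle.dumps(
    collections.OrderedDict([("layer.weight", [0.1, 0.2, 0.3])]), protocol=4)

# Constructed malicious pickles. Neither is ever passed to pickle.loads here;
# doing so would run the payload. Protocol 0, written by hand:
#   cos\nsystem\n  GLOBAL  -> os.system
#   (              MARK
#   S'id'\n        STRING  -> "id"
#   t              TUPLE   -> ("id",)
#   R              REDUCE  -> os.system("id")
#   .              STOP
MALICIOUS_PROTO0 = b"cos\nsystem\n(S'id'\ntR."


class _Evil:
    """Object whose pickled form calls eval on load (protocol 4 STACK_GLOBAL path)."""
    def __reduce__(self):
        return (eval, ("__import__('os').system('id')",))


MALICIOUS_PROTO4 = pickle.dumps(_Evil(), protocol=4)

# Assumed certified list: only the benign checkpoint's digest.
APPROVED_DIGESTS = {hashlib.sha256(BENIGN_MODEL).hexdigest()}

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN_MODEL), ("proto0", MALICIOUS_PROTO0),
                        ("proto4", MALICIOUS_PROTO4)]:
        ok, why = verify_model(blob, APPROVED_DIGESTS)
        print(label, "ALLOW" if ok else "BLOCK", why)
```

The two malicious samples cover both encodings of an import: the protocol 0 `GLOBAL` opcode and the protocol 4 `STACK_GLOBAL` opcode, whose module and attribute names arrive as earlier string pushes (possibly via the memo), which a scanner that only greps for `GLOBAL` misses. Generating `ALLOWED_GLOBALS` from known-good checkpoints and `APPROVED_DIGESTS` from the signing pipeline is what turns a manually curated list into an enforced one; where the framework supports a non-executable weights format, preferring it removes the unpickling problem altogether.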

The research also identified deteriorating security scan practices, with only 43% of organizations applying security scans at both code and binary levels—down from 56% last year. This regression leaves critical blind spots where binary-level vulnerabilities can escape detection.

These findings reveal a software security landscape growing more complex faster than organizations can adapt. The 27% increase in disclosed CVEs (over 33,000) compared to 2023 significantly outpaces the growth rate of new software packages (24.5%), creating mounting pressure on security teams that potentially hampers innovation.

The Software Supply Chain State of the Union 2025 Report Reveals “Quad-fecta” of Security Exploits, Mis-scored CVEs, Poor ML Model Governance, & more are Jeopardizing Trust in Newly Created Software

SUNNYVALE, Calif. & LONDON--(BUSINESS WIRE)-- (KubeCon + CloudNativeCon Europe) — JFrog Ltd (Nasdaq: FROG), the Liquid Software company and creators of the JFrog Software Supply Chain Platform, today released the Software Supply Chain State of the Union 2025 report, which highlights emerging software security threats, evolving DevOps risks and best practices, and potentially explosive security concerns in the AI era.

"Many organizations are enthusiastically embracing public ML models to drive rapid innovation, demonstrating a strong commitment to leveraging AI for growth. However, over a third still rely on manual efforts to manage access to secure, approved models, which can lead to potential oversights," said Yoav Landman, CTO and Co-Founder, JFrog. "AI adoption will only grow more rapidly. Thus, in order for organizations to thrive in today’s AI era they should automate their toolchains and governance processes with AI-ready solutions, ensuring they remain both secure and agile while maximizing their innovative potential."

Managing and securing the software supply chain end-to-end is an imperative for delivering trusted software releases. By combining insights from over 1,400 development, security and operations professionals across the U.S., U.K., France, Germany, India and Israel, with developer usage data from JFrog’s 7K+ customers, alongside original CVE analysis by the JFrog Security Research team, the JFrog Software Supply Chain State of the Union 2025 report reveals why this task is often challenging for companies amidst the expanding and frenzied threat landscape faced in today’s AI era.

Key Report Findings Include:

  • A “Quad-fecta” of Security Vulnerabilities Is Threatening the Software Supply Chain: The top security factors impacting the integrity and safety of the software supply chain are CVEs, malicious packages, secrets exposure, and misconfigurations/human error. As an example, the JFrog Security Research Team detected 25,229 exposed secrets/tokens in public registries (up 64% YoY). The increasing complexity of software security threats is making it harder to maintain consistent software supply chain security.
  • AI/ML Model Proliferation and Attacks are Growing: In 2024, more than 1 million new ML models were added to Hugging Face, with an accompanying 6.5x increase in malicious models, indicating AI and ML models are increasingly becoming a preferred attack vector for bad actors.
  • Manual Governance of ML Models is Increasing Risk: Most companies (94%) are using certified lists to govern ML artifact usage, however over one-third (37%) of those rely on manual efforts to curate and maintain their lists of approved ML models. This overreliance on manual validation creates uncertainty around the accuracy and consistency of ML model security.
  • Limited Security Scanning Leaving Blind Spots: Alarmingly, only 43% of IT professionals say their organization applies security scans at both the code and binary levels, leaving many organizations vulnerable to security threats only detectable at the binary level. This is down from 56% last year - a sign that teams still have huge blind spots when it comes to identifying and preventing software risk as early as possible.
  • Critical Vulnerabilities Continue to Rise and Be Mis-scored: In 2024, security researchers disclosed over 33K new CVEs, a 27% increase from 2023, surpassing the 24.5% growth rate of new software packages. The growing number of CVEs adds complexity and pressure for developers and security teams, potentially hindering innovation. Meanwhile, JFrog Security found that only 12% of high-profile CVEs rated "critical" (CVSS 9.0-10.0) by government organizations justify that severity level, i.e. are actually likely to be exploited by attackers.[1] The report attributes this to a centralized scoring methodology that has not changed over time, which raises the rate of false positives in assessments and contributes to developers experiencing "vulnerability fatigue."

“We uncovered a clear pattern by CVE scoring organizations to inflate scores and cause an unnecessary level of panic in the industry, sending developers scrambling on remediation efforts that often result in wasted cognitive and professional time,” said Shachar Menashe, Vice President of Security Research. “When DevSecOps teams are forced to remediate vulnerabilities that aren’t ultimately harmful, their everyday workflows are disrupted, which can lead to developer burnout and costly mistakes.”

The JFrog Software Supply Chain State of the Union 2025 report also outlines concerns around the lack of code provenance visibility across the software supply chain, developers downloading open source software packages directly from public registries without filtering for vulnerabilities, the detriments of “security tool sprawl”, and more. To explore the full findings of this year’s report, visit https://jfrog.com/software-supply-chain-state-of-union/.

You can also register to join JFrog security and developer experts on Thursday, April 24, 2025 at 9 AM PT for a webinar, “JFrog’s Software Supply Chain Report 2025: Trends, Threats & Actions,” detailing the challenges and complexities of managing and securing the software supply chain.

About JFrog

JFrog Ltd. (Nasdaq: FROG) is on a mission to power the world with liquid software. We are replacing endless software updates with a single system of record that seamlessly delivers secure applications from developer to device. The JFrog Software Supply Chain Platform helps organizations build, manage, and distribute software quickly and securely, making applications available, traceable, and tamper-proof. Its integrated security features also help identify, protect, and remediate against threats and vulnerabilities. The Platform also brings ML models in line with all other software development processes, providing a single source of truth for all software components across Engineering, MLOps, DevOps, and DevSecOps teams so they can build and release AI applications faster, with minimal risk and less cost. JFrog’s hybrid, universal, multi-cloud platform is available as both self-hosted and SaaS services across major cloud service providers. Millions of users and 7K+ customers worldwide, including a majority of the Fortune 100, depend on JFrog solutions to securely embrace digital transformation. Once you leap forward, you won’t go back! Learn more at jfrog.com and follow us on X: @jfrog.

____________________

[1] The JFrog Severity Rating methodology considers the likelihood that a vulnerability will actually be exploited, unlike CVSS base scores, which measure the technical impact and theoretical exploitability of a flaw in isolation and therefore often overstate real-world risk.

Media Contact:

Siobhan Lyons, Sr. Manager, Global Communications, siobhanL@jfrog.com

Investor Contact:

Jeff Schreiner, VP of Investor Relations, jeffS@jfrog.com

Source: JFrog Ltd.

FAQ

What are the main security threats identified in JFrog's 2025 Software Supply Chain report?

The report identifies a 'Quad-fecta' of security threats: CVEs (Common Vulnerabilities and Exposures), malicious packages, secrets exposure, and misconfigurations/human errors.

How much has the number of exposed secrets increased according to JFrog's 2025 report?

JFrog's Security Research Team detected a 64% year-over-year increase in exposed secrets/tokens in public registries, totaling 25,229 exposures.

What percentage of organizations perform comprehensive security scans according to JFrog?

Only 43% of organizations perform both code and binary level security scans, down from 56% the previous year.

How accurate are critical CVE ratings according to JFrog's 2025 report?

Only 12% of CVEs rated as 'critical' (CVSS 9.0-10.0) by government organizations actually justify that severity level according to JFrog's analysis.

What is the state of ML model governance in 2025 according to JFrog's report?

While 94% of companies use certified lists to govern ML artifact usage, 37% rely on manual efforts to curate and maintain their lists of approved ML models.