
Our Second Annual “State of Software Supply Chain” Report is Now Available

Introduction

Masaharu


Inedo


In 2024, we published our first State of Software Supply Chain Security report. The goal was to better understand how teams were managing open-source risks, vulnerabilities, and DevSecOps processes.

We expected to find that secure teams relied on strict policies and specialized tools—but that’s not what we saw.

Visibility, Not Just Security Tools

After the survey, we continued conversations with many of the participants—through our customer success team, webinars, and informal follow-ups. Gradually, a pattern started to emerge.

The most secure teams didn’t just have more security tools—they had clarity. This meant:

  • Centralized visibility into builds, deployments, and dependencies.
  • Fewer status meetings, thanks to accessible, shared information.
  • Well-coordinated teams, supported by consistent processes and smart automation.

In these environments, security wasn’t an extra layer—it was the result of how well the delivery process was managed overall. This consistent anecdotal evidence raised an interesting question:
What if operational maturity—not security focus alone—is what really drives software supply chain security?

Not All IT Teams Are Alike

We also recognized something else along the way: we can’t treat “IT teams” as a single category.

In 2025, nearly every company with more than 50 employees has IT professionals, but the kinds of companies they work for vary widely, as do the challenges they face. We’ve started to define the landscape in three broad categories:

  • Cloud-native software/mobile application companies, where 50–90% of employees are in engineering roles.
  • IT-enabled businesses, where IT is essential but not the core business (20–50% in IT roles).
  • Industry leaders and tech giants such as Google and Microsoft, which build internal tools most other companies can’t.

Much of the DevOps world is shaped by early adopters and innovators—but we wanted to hear more from the early majority and late majority.

These companies are bridging the volume zone—navigating real-world constraints, increasing complexity, and rising expectations, often without the luxury of custom internal platforms. We designed this year’s survey for them.

Survey Method

To understand the current state of software supply chains, we ran a structured survey for verified IT professionals using Google Forms. Verification ensured our responses came from real individuals working in relevant roles at legitimate organizations.

We promoted the survey on LinkedIn and X (formerly Twitter), focusing primarily on small to mid-sized companies outside the tech industry, targeting roles like software developers, DevOps engineers, platform teams, and IT leaders. The survey included:

  • 11 questions on organizational context—company size, tech stack, and team structure.
  • 15+ questions on supply chain practices—release frequency, automation, governance, and visibility.

We also conducted follow-up interviews with over 50 respondents to better understand the “why” behind their answers and uncover patterns not visible in the raw data.

What the 2025 Survey Revealed

For our 2025 report, we expanded the focus from security-specific concerns to a broader look at Software Supply Chain Management. We surveyed around 500 professionals—including developers, DevOps engineers, platform teams, and IT leaders—about how they manage delivery pipelines, automation, coordination, and visibility across teams.

Here’s what we found:

Many organizations face consistent and recurring challenges in their software delivery process:

  • Delays or incomplete releases are common, often due to coordination issues or late discovery of blockers.
  • Too much time is spent on reporting, especially during daily standups, status updates, or the preparation of executive summaries.
  • Backlogs are overloaded, and stakeholders lack confidence that new features can be delivered on schedule.

These issues aren’t always technical—they’re often systemic. In many cases, we found:

  • Teams rely on a single, rigid release pipeline, making it difficult to adapt to different types of changes or priorities.
  • The lack of centralized visibility means delays and blockers are discovered too late.
  • There are communication gaps, where common terms like “build” are interpreted differently across roles, leading to misalignment between the stakeholders and the technical teams.

And that’s just scratching the surface. Across the board, it’s clear that better-managed software supply chains don’t just improve delivery—they naturally lead to stronger coordination, greater predictability, and ultimately, better security.

From Insight to Action

Many teams want to improve how they manage software delivery and reduce risk—but diagnosing the root causes is hard, especially under the constant pressure to ship. To help with that, we’re launching new professional services designed to:

  • Identify inefficiencies and risks in your software supply chain
  • Uncover visibility gaps and coordination breakdowns
  • Provide practical, tailored recommendations that actually work in your environment

Whether your goal is stronger security, fewer outages, or just fewer surprises in your release cycle, improving your software supply chain is a good place to start.

And we’re here to help.
