Software Security Treat or Threat? Leveraging SBOMs to Control Your Supply Chain Chaos [Infographic]

Editor's Note: The following is an article written for and published in DZone's 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle.

Software supply chain security is on the rise as systems advance and hackers level up their tactics. Gone are the days of fragmented security checkpoints and analyzing small pieces of the larger software security puzzle. Now, software bills of materials (SBOMs) are becoming the required norm instead of an afterthought. So the question is: Are supply chains and SBOMs a sweet pairing or a sticky solution?

Below are your playing cards, featuring key data from DZone audience's responses to our Software Supply Chain Security survey, to help guide you along your journey. So dodge the sour code, unwrap the SBOM mystery flavors, and follow the sweet trail toward a strengthened security posture. 

SBOM Savories

• 63% generate and use SBOMs in their development and security processes.
• 53% use SBOM generation and validation as their primary strategy to minimize attack surfaces.
• 51% update their SBOMs on a scheduled basis.

Sticky Vulnerabilities

• 63% name inconsistent or duplicate security controls as their top challenge in complex toolchains.
• 26% feel fully prepared to meet evolving regulatory compliance standards.
• 47% cite container images as their top supply chain threat.

Sweet Dependencies

• 63% note zero-trust architecture as the most critical strategy to secure hybrid or multi-cloud environments.
• 61% say using AI/ML for threat detection led to better threat prioritization.
• 68% use data masking or tokenization to protect data across CI/CD workflows.

This is an excerpt from DZone's 2025 Trend Report, Software Supply Chain Security: Enhancing Trust and Resilience Across the Software Development Lifecycle.

Read the Free Report