Cambridge, MA, March 12, 2025 (GLOBE NEWSWIRE) – ReversingLabs (RL), a renowned name in the sphere of file and software security, has just published its third annual Software Supply Chain Security Report. The 2025 report sheds light on the intensifying complexity of software supply chain attacks, driven by pervasive vulnerabilities in open-source and third-party commercial software and malicious schemes targeting AI and cryptocurrency development pipelines.
According to RL's data, open-source software remained a significant element of supply chain risk in 2024. For instance, incidents of development secrets exposed via publicly available open-source packages rose 12% compared to 2023. Even the most widely used open-source packages continue to harbor critical and exploitable software flaws.
However, open-source software is not the only source of software supply chain risk. RL's scan of more than two dozen widely used commercial-software binaries, including password managers, web browsers, and VPN software, found evidence of potential risks hidden in third-party commercial binaries.
Mario Vuksan, Co-Founder and CEO of ReversingLabs, remarked, “The 2025 report underscores the challenges faced by software vendors and their enterprise buyers. First is the increasing sophistication of the attackers, and their willingness to invest years to plan and carry out their attacks. Second is the move beyond open source to target commercial software. This reinforces the need to establish better controls over the software we build and deploy. This is especially true with the rise of AI across the software supply chain.”
Other key findings of the 2025 SSCRR report include the targeting and exposure of third-party commercial software, serious risks lurking in open-source packages, attacks on cryptocurrency applications, and growing threats to AI supply chains.
About ReversingLabs: ReversingLabs is a trusted name in file and software security. Trusted by Fortune 500 and leading cybersecurity vendors, RL Spectra Core powers the software supply chain and file security insights, tracking over 422 billion searchable files daily with the ability to deconstruct full software binaries in seconds to minutes.
Media Contact: Doug Fraim, Guyer Group, [email protected]