The state of software supply chains: 2025 research

The latest research from IDC, co-sponsored by Canonical and Google Cloud, finds that 70% of organizations see open source software as extremely important to run mission-critical workloads.





But securing open source supply chains poses many challenges and places heavy burdens on IT teams. The survey indicates that 70% of IT teams spend more than 6 hours per week on security patching.

Learnings on global software supply chains

We surveyed 500 organizations with more than 250 full-time employees to understand what major challenges they face in securing their open source supply chain – and why these issues exist in the first place.


Read the full report for deeper insights into:

• Why almost 60% of IT decision-makers are not confident in their organization’s ability to patch critical vulnerabilities within 24 hours
• Why 9 out of 10 IT decision-makers would prefer to source dependencies from OS packages
• What barriers are blocking organizations from ensuring their software is compliant with regulations
• How AI is making the compliance landscape more challenging, with 60% of organizations reporting they have only basic or no security controls to safeguard their AI/ML systems.
  
  

To read more about this and the steps organizations can take on their path to resilience with open source software, download the report.

Contact information

• First name:
• Last name:
• Work email:
• Company name:
• Job title:
• Mobile/cell phone number:
• Country: Select... France Germany Japan United Kingdom United States of America —————————————————— Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia (Plurinational State of) Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cabo Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo (Democratic Republic of the) Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands (Malvinas) Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran (Islamic Republic of) Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea (Democratic People's Republic of) Korea (Republic of) Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia (the former Yugoslav Republic of) Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia (Federated States of) Moldova (Republic of) Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin (French part) Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten (Dutch part) Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and the South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States of America United States Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela (Bolivarian Republic of) Viet Nam Virgin Islands (British) Virgin Islands (U.S.) Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe
• I agree to receive information about Canonical's products and services.
• Website:
• Name:

• In submitting this form, I confirm that I have read and agree to Canonical's Privacy Notice and Privacy Policy.

• Download the whitepaper