Introducing SBOM360 Hub - Software Supply Chain Security for your Software Distribution Chain.
Read the Blog
Read the Press Release
Press Release
Come visit us at BlackHat 2023
BlackHat 2023

Lineaje Weekly Chart

Insights into your Software Supply Chain

Browse all posts

Our Lineaje Chart of the Week series offers a weekly insight into “What’s in your software”?. It strives to raise awareness about the risks and returns that your software supply chain brings in with it.

April 2024 : Volume 2

Data-centric Network Access Backdoors are embedded in Open-Source Software!

21% of components in most popular open-source projects harbor backdoor vulnerabilities that enable direct network access.  These vulnerabilities are more easily exploitable.

April 2024 : Volume 1

XZ is a wakeup call – 5.3% of Open–Source components are pre-tampered!

Can you detect pre-tampered components like XZ in your applications?

Mar 2024 : Volume 3

Open-source software: Ten times the innovation, ten times the risk!

Open-source developers are great innovators. Great maintainers? Not so much!

Mar 2024 : Volume 2

Where do your “critical” open-source dependencies come from?

Lineaje analysis on a sample of set of 59 project from the Top 150 "Most Critical" open-source projects as designated by Linux OpenSSF .

Mar 2024 : Volume 1

Open-source software ages badly! Earlier the version, higher the risk. Latest OSS versions decrease risk.

Feb 2024 : Volume 3

Poisoned Software Supply Chains

You hire contractors to do a job. Your contractors hire sub-contractors. The sub-contractors hire more sub-contractors creating a chain that may be 30 levels deep. And soon, you no longer know theorigin of some people working on your job. How risky is that?

Feb 2024 : Volume 2

A third of your Open-Source Software are not fully attestable and that should worry you – a lot!

Feb 2024 : Volume 1

Are your Open-Source dependencies POISONED?

There is a spectrum from fully known to completely unknown components. Do you know that distribution for your software application?

Jan 2024 : Volume 2

Open Source Software Charts:  OSS risk is determined more by the quality of its dependencies than by the quality of its developers!

OSS hides 2/3rd of its inherent risks and your existing tools cannot detect them.

Jan 2024 : Volume 1

82% of Open-Source components are inherently risky

In the ever-evolving landscape of software development, Open-Source has become a cornerstone for innovation and efficiency. However, our recent analysis has shed light on a crucial aspect that demands our attention – the inherent risks associated with Open-Source components. In our comprehensive study, we discovered that a shocking 82% of components in Open-Source software carry inherent risks. This finding not only underscores the prevalence of challenges but also emphasizes the need for a strategic approach to mitigate potential risks and vulnerabilities.

Dec 2023 : Volume 1

A Positive Revelation with Open Source Software!

Recent findings based on Lineaje Labs study, reveal that a significant 89% of components in open source projects are free from vulnerabilities! This discovery challenges the misconception that open source inherently compromises software security.

Nov 2023 : Volume 2

90% of software components in Open-Source are transitive, invisible dependencies

The recent finding that 90% of software components in open-source software reside in transitive, invisible dependencies carries significant security implications for the software development community.

Nov 2023 : Volume 1

Every Open-Sourcedependency is a softwaresupply chain by itself!

Brace yourselves for a game-changing revelation! Recent research has shed light on a pivotal security insight: a staggering 68% of code in Open Source Software (OSS) packages is contributed by providers and suppliers other than the package owner!

This finding carries profound security implications, underlining the intricate web of dependencies within OSS projects. It reinforces the critical need for a robust Software Supply Chain Security Management Service. Understanding and addressing these implications is paramount.

Oct 2023 : Volume 4

Unearthing the Hidden Risks: Critical Inherent Risk Scores in Open-Source Components
Insights into your Software Supply Chain

In today's rapidly evolving tech landscape, open-source software has become the backbone of countless applications and systems. However, a recent study by Lineaje AI Labs has shed light on a concerning statistic - a staggering 40% of open-source software components have a Critical inherent risk score.

Oct 2023 : Volume 3

Packages are reused 2.7 times on average within the same Open-Source Project

Within open-source software, a fascinating trend has emerged: packages are reused an average of 2.7 times within the same open-source project. This phenomenon carries significant implications for security, software supply chain security, and maintenance practices within the open-source ecosystem.

Oct 2023 : Volume 2

Fixed vs Unfixed Vulnerabilities Distribution in Open-Source Software

Based on Lineaje AI Labs research the majority of vulnerabilities in open-source are not fixed by open source developers. Lineaje AI labs analyzed 121,443 open-source projects and discovered 118,573 vulnerabilities in them. The saving grace is that vulnerabilities are not evenly distributed across dependencies.

Oct 2023 : Volume 1

Vulnerabilities by Dependency Level in Open-Source Projects

Based on Lineaje Labs research a staggering 77% of vulnerabilities in open-source reside within transitive dependencies (which your developers cannot patch). Open Source Projects pull in 20+ levels of dependencies. Along with those dependencies come their vulnerabilities. Lineaje AI labs analyzed 121,443 open source projects and discovered 118,573 vulnerabilities in them.

Sept 2023 : Volume 1

What’s in your open-source software?

Lineaje research indicates that 8.3% of Open Source Software is of unknown origin.

  • 3% of components embedded in open source software as dependencies don’t come from where the open source developers claimed to have gotten them from. So you don’t know where they came from and neither do the developers that included them!
  • 5.3% of all components come from the PURL (Package URL) where they were included. However, the version included does not match the version published by the developing product. They have been tampered with and the tampered source code from where they were built is not available to you.
Application Security
Digital Innovator 2023
Most Innovative Software Supply Chain Security
Cybersecurity Company
Software Supply Chain Security
Industry Solutions

Integrations and Language Support

Lineaje is continuously adding support for your favorite languages and integrations to connect with tools, pipelines, and workflows.

Trusted by brands globally