However, the C-suite is not requiring vendors to make the software supply chain more secure

SALT LAKE CITY, September 14, 2021 – (BUSINESS WIRE) – Venafi®, the inventor and leader of machine identity management, today announced survey results highlighting the challenges in improving the security of the software supply chain. The survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives responsible for both security and software development, and revealed a blatant discrepancy between executives' concerns and executives' actions. While 94% of executives believe that software vendors who fail to protect the integrity of their software build pipelines should face clear consequences (fines, increased legal liability for demonstrably negligent companies), most have done little to change the way they evaluate the security of the software they buy and the assurances they ask from software providers.

According to ENISA, attacks on the supply chain such as SolarWinds, Codecov and Kaseya are expected to increase by a factor of four in 2021. Managers are much more concerned about their vulnerability to software supply chain attacks and are aware of the urgent need for action. However, the survey results show that they are not taking any action to drive change.

The most important findings include:

  • 97% of executives believe software vendors need to improve the security of their software build and code signing processes.

  • 96% of executives believe that software vendors should be required to ensure the integrity of the code in their software updates.


  • 55% of executives say the SolarWinds hack had little or no impact on the concerns they consider when purchasing software products for their business.

  • 69% of executives say their company hasn’t increased the number of questions they ask software vendors about the processes used to keep their software secure and to verify code.

  • Executives disagree on who is responsible for improving security within their own software development organizations, with 48% of respondents saying IT security is responsible and 46% saying development teams are responsible.

“There is a clear discrepancy between worrying about supply chain attacks and improving security controls and processes to mitigate that risk,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “Executives are right to be concerned about the impact of attacks on the supply chain. These attacks pose serious risks to any company using commercial software and are extremely difficult to defend. To address this systemic problem, the entire technology industry has to change directions. We build and buy software. Not only can executives treat this as another technical problem – it poses an existential threat. C-level executives and boards of directors must require that software vendor security and development teams make clear assurances about the security of their software.”


About Venafi

Venafi is the cybersecurity market leader in machine identity management, securing machine-to-machine connections and communication. Venafi protects machine identity types by orchestrating cryptographic keys and digital certificates for SSL/TLS, SSH, code signing, mobile and IoT. Venafi provides global visibility into machine identities and the associated risks for the extended enterprise – on-premise, mobile, virtual, cloud and IoT – at machine speed and scale. Venafi puts this intelligence into action with automated troubleshooting that reduces the security and availability risks associated with weak or compromised machine identities, while protecting the flow of information to trusted machines and preventing communication with untrusted machines.

With more than 30 patents, Venafi delivers innovative solutions to the most demanding, security-conscious Global 5000 organizations and government agencies, including the top five US health insurers; the top five US airlines; the four largest credit card issuers; three of the four leading auditing and consulting firms; four of the top five US retailers; and the four leading banks in each of the following countries: US, UK, Australia and South Africa.

For more information visit:



Shelley Boose
