Malicious actors have been pressing their advantage against vulnerable software supply chains with exponentially increasing attacks. Enterprises have been hampered in fighting back by lack of internal consensus on their security capabilities and practices. Recent survey findings uncovered multiple areas of disconnect between senior executives/managers (“executives”) and hands-on staff (“doers”).
Executives tended to have a comparatively rosier picture of their organization’s security posture. Compared to the doers, executives believed they were implementing more security practices, using more solutions, and defending more effectively against open-source risk. Similarly, they underestimated the time their teams were spending on vulnerability remediation and software package approvals.
