Executives from the boardroom and the C-suite are realizing the damaging effect software supply chain attacks can have on their organizations, but they aren’t taking action. According to a recent report from Venafi, 97% of senior IT executives agree that software build processes are not secure enough, yet there is a disconnect when it comes to which team is responsible for driving security changes… 61% of executives said IT security teams should be responsible for software security, while 31% said development teams should be.
This lack of consensus is hindering efforts to improve the security of software build and distribution environments and exposing every company that buys commercial software to SolarWinds-style supply chain attacks. At the same time, security teams, who are strapped for budget and resources, rarely have visibility into or control over the security controls in software development environments. To make matters worse, there is no standard framework that would help them evaluate the security of the software they use.
The survey also found that 94% of executives believe there should be clear consequences for software vendors that fail to protect the integrity of their software build pipelines. These consequences could be penalties such as fines and greater legal liability for companies proven to be negligent. It might seem surprising that executives are encouraging such a practice, but they understand that clear consequences will force software vendors to shift away from the ‘build fast, fix security later’ mentality that leaves their customers and partners at risk.
Venafi’s survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, and revealed a glaring disconnect between executive concern about software supply chain security and executive action.
Read the full report by Venafi.
© 2021 VentureBeat. All rights reserved.