promote webinar 160x1200

promote webinar 160x1200

promote webinar 160x1200

promote webinar 160x1200

Wednesday, 15 September 2021 12:43

Executives concerned about software security but lack action: Venafi survey

By Venafi

GUEST RESEARCH: Evaluating the opinions of more than 1,000 IT and development professionals, including 193 executives with responsibility for both security and software development, a survey conducted by machine identity management and provider Venafi revealed there is a glaring disconnect between executive concern and executive action.

The survey reveals while 94% of executives believe there should be clear consequences (fines, greater legal liability for companies proven to be negligent) for software vendors that fail to protect the integrity of their software build pipelines, most have done little to change the way they evaluate the security of the software they purchase and the assurances they demand from software providers.

According to European Union Agency for Cybersecurity (Enisa), supply chain attacks on SolarWinds, Codecov and Kaseya, are expected to increase by a factor of four in 2021.

Executives are clearly much more concerned about their vulnerability to software supply chain attacks and aware of the urgent need for action. However, the survey results show that they are not taking action that will drive change.

Web Analytics

The survey findings include:
• 97% of executives believe that software providers need to improve the security of their software build and code signing processes.
• 96% of executives think that software providers should be required to guarantee the integrity of the code in their software updates.

However, the survey pointed out:
• 55% of executives report that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company.
• 69% of executives say their company has not increased the number of questions they are asking software providers about the processes used to assure the security of their software and verify code.

Within their own organisations, executives have differing views on who is responsible for improving the security within their own software development organisations, with 48% saying IT security is responsible and 46% saying development teams are responsible.

“There is a clear disconnect between concern about supply chain attacks and improving security controls and processes to mitigate this risk,” explains Venafi vice president of security strategy and threat intelligence Kevin Bocek.

“Executives are right to be concerned about the impact of supply chain attacks. These attacks present serious risks to every organisation that uses commercial software and are extremely difficult to defend against. To address this systemic problem, the entire technology industry needs to change the way we build and buy software,” Bocek concludes. “Executives can’t treat this as just another technical problem—it’s an existential threat. C-level executives and boards need to demand that security and development teams for software vendors provide clear assurance about the security of their software.”

For more information about the survey, click here

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News