Leaders and teams disagree on who is responsible for software security


Leaders in the boardroom and C suite are realizing the damaging effects software supply chain attacks can have on their organizations, but they are taking no action. According to a recent report from Venafi, senior IT executives agree (97%) that software creation processes are not secure enough, but there is a lag when it comes to which team is responsible for driving security changes: 61% of executives said IT security teams should be responsible for software security, while 31% said development teams should be.

This lack of consensus hampers efforts to improve the security of software creation and distribution environments and exposes every company that purchases commercial software to SolarWinds-type supply chain attacks. At the same time, security teams, who are tight on budget and resources, rarely have visibility or control over security controls in software development environments. To make matters worse, there is no standard framework that would help them assess the security of the software they use.

The survey also found that 94% of executives believe there should be clear consequences for software companies who fail to protect the integrity of their software creation pipelines. These consequences could be penalties such as fines and increased legal liability for companies found to be negligent. It may seem surprising that executives encourage such a practice, but they understand that the obvious consequences will force software companies to move away from the “build quickly, fix security later” mentality that puts their customers and partners at risk.

Venafi’s survey evaluated the opinions of more than 1,000 IT and development professionals, including 193 executives responsible for both security and software development, and revealed a stark disconnect between the concerns of executives regarding software supply chain security and executive action.

Read the full report by Venafi.



Margie D. Carlisle