Polls and surveys are of limited use in telling us exactly what people are thinking or how they’ll act. This is a lesson we (re)learn every four years, when political junkies ride the “message” of each new poll, only to get schooled by voters on election day for over-reading the results of individual polls or failing to notice obvious flaws with the way in which the poll or survey was conducted – or who (or what) was behind the poll.
But the other thing we constantly have to (re)learn is that, while individual polls and surveys are a poor way to understand what’s going on, consistent patterns that span multiple polls over time often prove accurate and are borne out by events.
That’s why I find a recent spate of surveys that attempt to measure awareness of software supply chain risks so interesting. While they differ in methodology and focus, these surveys present a clear message. Namely: threats and risks from vulnerable software supply chains are real, and they’re starting to freak people out.
Report: Digital Supply Chain Breaches Impact 98% of Organizations
GitGuardian: security practitioners worried about secrets leaks
The latest example of this is the findings from a newly released survey sponsored by GitGuardian. The survey of what GitGuardian describes as “507 IT and security decision-makers” sought to gauge awareness about the risks posed by development secrets sprawl in large enterprises. Their conclusion? Development secrets leaks are a real problem and a major