This paper presents the results of a survey that sought to understand how IT decision makers are thinking about the term “software supply chain attacks.”