The truth is, the companies who make your devices and code your infrastructure have limited visibility into each downstream contributor, and their intentions. It’s foolhardy to blindly trust the security of your supply chain to manufacturers and vendors who prioritize other things with their tech.
Informed trust requires verification, and that is the responsibility of each enterprise security team. You need to know if a device has been compromised and a bad actor has opened a trap door into your customer data, trade secrets, and even classified information. You need to continuously resecure your assets.