The big issue I see in my daily work life is that management acts as if using a third-party solution, be it proprietary or open-source, means we will receive perfect code at the beginning and never have to update it. We lock versions early in the dev cycle, but if a new version comes out mid-development there is a general distrust of changing to the new one.
And then, when the inevitable critical issue is discovered after we have released, we have no efficient plan for how to update. At least GPL solves that; when users have a pure-GPL system, they can always recompile/relink everything themselves after the big patch. But if I statically link a proprietary-license library into our proprietary product, we have to step in and rebuild to get the fix out there. And the lack of preparation for this process does endanger security.
The management teams I've worked with are typically better at estimating and preparing for critical field breaks in "our" code. But that's why they like third-party code, and it's that assumption of "perfect" that makes the future look so much better. So the bigger issue is that managers endanger secure software development.