Hacker News
by benoau 408 days ago
This isn't exclusively or particularly solved by VC-funded or giant tech companies - Dropbox once deployed a bad build that accepted any password, Apple accidentally had a blank root password, I'm sure there are many more embarrassing tales like this.

https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...

https://www.macrumors.com/how-to/temporarily-fix-macos-high-...

1 comments

Not saying that big companies don't have security issues. Expressing it differently: having multiple heterogeneous dependencies increases the effectiveness of supply chain attacks.
Now imagine you have 16 national industries that you've defined as basically "needing the best security reasonable", and most of those industries only deal with security as much as their insurance companies make them.

It's a nightmare out there.