I just recently had to setup a new work development machine. I had to go through the most pedantic process I've ever experienced. Getting any software package approved on this computer took days. It literally took me 2 months before I could use the machine.
The ridiculous thing is that all of the software repos I connect to are just blanket approved and this is where the greatest threats likely exist. I use NPM every day so that's a pretty serious attack vector. There are ways around protecting what NPM libraries devs are using, but that never occurs to the security "experts". Here's for hoping I get access to wget in the next week or so.