Re: Top stuff
Depends on who commissioned it. If the CEO is the only one who knows about it, presumably it originated with him or the board of directors. They have less incentive to bury the results than if it originated with someone who would shoulder a lot of the blame, i.e. chief security officer (or equivalent)
If the CSO originated something like this, thinking "we're so secure, we'll pass with flying colors and when I show it to the CEO, I'll get a raise" and then finds they are woefully deficient, he's probably not going to bring it with the CEO - at least not until he fixes a lot of the stuff so the results look better when compared to the average assessment, or he puts his thumb on the scale by alerting his subordinates of a coming 'attack' for round two.
Biting the hand that feeds IT
