
Checkmarx Study Reveals 88% of AppSec Managers Experienced Breach Due to Vulnerable Application Code

Checkmarx, a global leader in application security solutions, released its Global Pulse on Application Security study at the 2023 RSA Conference in San Francisco. The study was developed with Censuswide and aimed to identify global trends in security challenges faced by CISOs, application security leaders, and software developers as migration to the cloud and digital transformation have become enterprise imperatives. The research, which surveyed over 1,500 individuals, revealed that 88% of AppSec managers had experienced at least one breach in the prior year due to vulnerable application code. The shift toward modern development practices incorporating microservices and serverless technologies, container security, and infrastructure as code (IaC) has multiplied the potential attack surface and, with it, surfaced critical new priorities for application security.

The report also indicated that 86% of software developers and AppSec managers surveyed have knowingly deployed vulnerable code or know someone who has. On average, 60% of vulnerabilities were detected during the code, build, or test phase, according to AppSec managers surveyed. CISOs surveyed identified the highest-priority security risks at their organizations as increased use and exposure of APIs, open source software supply chain risks, application containerization risks, open-source software risks, and infrastructure-as-code risks. Surveyed AppSec managers who experienced breaches listed the top three causes as open-source software supply chain attacks; stolen credentials, secrets or weak authentication/authorization; and known and/or unknown vulnerabilities in code released to production.

The study found that only 34% of developers surveyed report that their AppSec scans are completely integrated and automated into their software configuration management systems, integrated development environments, and continuous integration/continuous delivery tooling. Additionally, only 22% of surveyed CISOs believe that their developers are highly proficient in AppSec best practices. Checkmarx’s CEO, Sandeep Johri, emphasized the complexity of cloud-native applications and highlighted the importance of a comprehensive "shift everywhere" approach to AppSec. This approach ensures vulnerabilities can be addressed at any point during the software development lifecycle, ultimately priming the business for success.

The research underscores the need for organizations to prioritize application security as they migrate to the cloud and engage in digital transformation. As the number of security risks increases, companies must take a proactive approach to protect against potential breaches and vulnerabilities.


