New DevSecOps study highlights need to address AppSec throughout the SDLC | SC Media

New DevSecOps study highlights need to address AppSec throughout the SDLC

August 25, 2020
  • Most organizations believe their application security program is effective, though many still push vulnerable applications into production. Sixty-nine percent of survey respondents rate the efficacy of their current program as an eight or higher on a scale of 1-10 (with 10 being the most effective). However, most (60%) have experienced production application exploits involving OWASP Top 10 vulnerabilities in the past 12 months.
  • DevOps integration is a critical element for improvement. Over a quarter (26%) of respondents note a difficulty or lack of integration between different application security vendor tools as the most common challenge.
  • Developers play an important role in application security, but they lack the skills and training. Nearly one-third (29%) of respondents express that developers within their organization lack the knowledge to mitigate issues identified by their current application security tools.
  • Organizations are planning to increase application security spending. Over half (51%) of respondents plan to increase application security spending significantly in the next year.
  • AppSec tool proliferation is driving many organizations to invest in consolidation. With 72% of respondents utilizing more than 10 tools, complexity becomes a key issue. Due to this, over a third are focusing investments on consolidation.

prestitial ad