New DevSecOps study highlights need to address AppSec throughout the SDLC
August 25, 2020
Most organizations believe their application security program is effective, though many still push vulnerable applications into production. Sixty-nine percent of survey respondents rate the efficacy of their current program as an eight or higher on a scale of 1-10 (with 10 being the most effective). However, most (60%) have experienced production application exploits involving OWASP Top 10 vulnerabilities in the past 12 months.
DevOps integration is a critical element for improvement. Over a quarter (26%) of respondents cite difficulty with, or a lack of, integration between different application security vendor tools as the most common challenge.
Developers play an important role in application security, but they lack the skills and training. Nearly one-third (29%) of respondents say that developers within their organization lack the knowledge to mitigate issues identified by their current application security tools.
Organizations are planning to increase application security spending. Over half (51%) of respondents plan to increase application security spending significantly in the next year.
AppSec tool proliferation is driving many organizations to invest in consolidation. With 72% of respondents using more than 10 tools, complexity becomes a key issue. As a result, over a third are focusing investments on consolidation.