Application security was analyzed in a recent report by Checkmarx. The study reveals that 92% of companies surveyed had experienced a breach in the prior year due to vulnerabilities of applications developed in-house.
According to the report, 49% of respondents said that their developers were involved in key AppSec solution purchases, 41% said that AppSec managers were involved and 40% of respondents indicated CISO involvement.
With more software to secure that has been deployed in more environments with less time available to secure it, 91% of companies have knowingly released vulnerable applications.
Asked why respondents had released vulnerable applications, business pressure was a significant reason with 29% of AppSec managers saying they had released the applications “to meet a business, feature or security-related deadline,” 18% of CISOs saying that they hoped the vulnerability would not be exploitable and 29% of developers saying that the vulnerability would be fixed in a later release.
Developers’ top three security concerns are focused on the tension between time-to-delivery demands and the potential volumes of vulnerabilities requiring remediation, including impediment of the development process by security demands, difficulty knowing which vulnerabilities to fix and how to prioritize them and lack of context to help remediate vulnerabilities. A significant 61% of developers said that it’s critical that security not block or decelerate the development process or become a barrier to business success. In order to close the gaps in application security, the seamless integration of developer-friendly AppSec tools within their workflows is essential.
Read the full report here.