Study uncovers trends in breaches, supply chain loopholes and security confidence

Checkmarx, a global leader in developer-centric application security testing (AST) solutions, has unveiled the findings of its new global report, AppSec: The View from Security and Software Development Experts. The report was commissioned by Checkmarx and developed with Censuswide to spotlight the biggest security challenges that application security (AppSec) managers and software developers are facing within their organisations in today’s threat landscape.

Report findings are based on online survey input from two samples of 754 AppSec managers and 770 software developers, collected globally between August 10 and August 31, 2021.

“Security breaches within the enterprise have unfortunately become a societal norm, so identifying those gaps and creating the solutions to eliminate them is integral to the success of businesses today,” said Maty Siman, Checkmarx Founder and CTO. “Overcoming these security challenges should be a top priority for modern organisations, and the results of this report attest to the specific needs of our trusted AppSec and developer communities.”

Building confidence in security

Following an AppSec-related incident, 38% of AppSec managers and software developers said their organisations deployed penetration testing exercises to prevent future breaches. Meanwhile, 40% of software developers stated their organisations issued mandatory AppSec training.

Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organisations.

Supply chain challenges

More than a quarter (26%) of respondents cited ‘gaining visibility into open source packages being utilised in custom applications’ as the biggest challenge when visualising and securing their software supply chains. Nearly half (49%) of software developers said they are adopting a DevSecOps model with security as a supply chain focus to lessen their risk of a breach, with 42% of AppSec managers saying the same.

Cloud adoption

Over half of AppSec managers and software developers (54%) stated that the shift to the cloud increased their concerns around secure application development. However, each group’s challenges differed: AppSec managers struggled the most with adopting cloud native security testing methodologies (37%), whereas software developers had more difficulty with effectively and efficiently monitoring applications running in the cloud (41%).

AppSec training and awareness

Software developers said they receive application security and awareness training six times a month on average. The major concern lies in the effectiveness of the training, as 23% of developers and only 17% of AppSec managers described it as effective.
