Amid Growing Application Attack Surface, Stagnant Staffing, Automation is Key AppSec Solution Requirement

New York, NY – September 6, 2024 – CyberRisk Alliance (CRA) has released its latest Cybersecurity Buyer’s Intelligence Report focused on application security. The report, based on a survey conducted among security and IT leaders, delivers crucial insights into the current state of application security practices and challenges facing organizations today.

As software development becomes increasingly complex, organizations are being forced to do more with less. The report reveals that smaller developer teams are tasked with securing more applications against a rising tide of vulnerabilities. This challenge is exacerbated by the growing threat of upstream attacks and the integration of open-source code, which often introduces new vulnerabilities into the software ecosystem.

Key Findings from the Report Include:

1. Reliability and Accuracy Are Paramount: 81% of survey respondents indicated that high accuracy and minimal false positives are their top priorities when selecting an application security tool. Additionally, 81% also emphasized the importance of regular updates to address the latest vulnerabilities, underscoring the critical need for tools that can keep pace with evolving threats.

2. Automation Grows in Importance: With new vulnerabilities emerging at an unprecedented rate, 54% of respondents now look for automated capabilities in their application security solutions. The ability to streamline the analysis and updating of code is becoming increasingly vital for organizations striving to maintain robust security postures.

3. Penetration Testing as a Preferred Method: The report reveals that 75% of organizations regularly conduct penetration testing as their primary method of assessing application security. This approach remains the most trusted way to identify vulnerabilities, followed closely by code reviews, which are employed by 65% of respondents.

4. Ongoing Frustrations with Compatibility and Support: Despite the importance placed on accuracy and automation, many respondents expressed frustrations with compatibility and reliability issues. Notably, 50% of respondents cited difficulties in keeping up with new vulnerabilities as a significant challenge, while 34% pointed to budget constraints as a barrier to effectively managing application security.

“The landscape of application security is evolving rapidly, and organizations must adapt to keep pace with the growing challenges,” said Bill Brenner, Senior Vice President of Content Strategy at CyberRisk Alliance. “This report highlights the critical areas where companies need to focus their efforts, particularly in improving accuracy and automation within their security practices. The ability to stay ahead of emerging threats while maintaining a seamless development process is no longer a luxury; it’s a necessity.”

These findings point to a need for application security solutions that are not only reliable and accurate but also capable of integrating with modern development environments. Given the increasing complexity of application development, alongside the persistent threats posed by upstream attacks and vulnerabilities in open-source code, organizations must adopt more robust approaches to secure the software lifecycle.

For more information and to access the full report, please visit https://www.scmagazine.com/whitepaper/application-security-buyers-prioritize-intuitive-user-interfaces-and-compliance-support

About CyberRisk Alliance

CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through our trusted information brands, network of experts, and more than 250 innovative annual events we provide cybersecurity professionals with actionable insights and act as a powerful extension of cybersecurity marketing teams. Our brands include SC Media, the Official Cybersecurity Summits, Security Weekly, InfoSec World, Identiverse, CyberRisk Collaborative, ChannelE2E, MSSP Alert, LaunchTech Communications and TECHEXPO Top Secret.

Learn more at www.cyberriskalliance.com.