
New Checkmarx Study Uncovers Alarming Trends in Breaches, Supply Chain Loopholes and Security Confidence

November 2021 by Marc Jacob

Checkmarx unveiled the findings of its new global report, “AppSec: The View from Security and Software Development Experts.” The report was commissioned by Checkmarx and developed with Censuswide to spotlight the biggest security challenges that application security (AppSec) managers and software developers are facing within their organisations in today’s threat landscape.

Report findings are based on online survey input from two samples of 754 AppSec managers and 770 software developers, collected globally between August 10 and 31, 2021.

“Security breaches within the enterprise have unfortunately become a societal norm, so identifying those gaps and creating the solutions to eliminate them is integral to the success of businesses today,” said Maty Siman, Checkmarx founder and CTO. “Overcoming these security challenges should be a top priority for modern organisations, and the results of this report attest to the specific needs of our trusted AppSec and developer communities.”

Building confidence in security
Following an AppSec-related incident, 38% of AppSec managers and software developers said their organisations deployed penetration testing exercises to prevent future breaches. Meanwhile, 40% of software developers stated their organisations issued mandatory AppSec training.

Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organisations.

Supply chain challenges
More than a quarter (26%) of respondents cited “gaining visibility into open source packages being utilised in custom applications” as the biggest challenge when visualising and securing their software supply chains. Forty-nine percent of software developers said they are adopting a DevSecOps model with security as a supply chain focus to lessen their risk of a breach, with 42% of AppSec managers saying the same.

Cloud adoption
Over half of AppSec managers and software developers (54%) stated that the shift to the cloud increased their concerns around secure application development. However, each group’s challenges differed: AppSec managers struggled the most with adopting cloud native security testing methodologies (37%), whereas software developers had more difficulty with effectively and efficiently monitoring applications running in the cloud (41%).

AppSec training and awareness
Software developers said they receive application security and awareness training six times a month on average. The major concern lies in the effectiveness of the training as 23% of developers and only 17% of AppSec managers described the training as effective.


Methodology
Insights presented in this report are derived from an online survey issued between August 10 and 31, 2021. Censuswide surveyed one sample of 754 AppSec Managers within companies with more than 1,000 employees and in-house software development teams, and a second sample of 770 software developers within companies of more than 1,000 employees in the US, UK, France, Germany, Switzerland, Austria, Australia, New Zealand and the Asia Pacific region. Censuswide abides by and employs members of the Market Research Society, which is based on the ESOMAR principles.

