In-house apps cause breaches at 92 percent of companies
A new study reveals that 92 percent of companies surveyed had experienced a breach in the past year due to vulnerabilities of applications developed in-house.
The report from Checkmarx shows that in recent years the responsibility for application security has shifted away from dedicated security teams and is now shared between AppSec managers and developers.
In the study, 49 percent of respondents say that their developers are involved in key AppSec solution purchases, 41 percent say that AppSec managers are involved and 40 percent of respondents indicate CISO involvement.
With more software to secure, deployed in more environments and with less time available to secure it, 91 percent of companies have knowingly released vulnerable applications. Business pressure is cited as a significant reason for this: 29 percent of AppSec managers say they had released the applications 'to meet a business, feature or security-related deadline,' 18 percent of CISOs say that they hoped the vulnerability would not be exploitable, and 29 percent of developers say that the vulnerability would be fixed in a later release.
"The mitigation of AppSec risk is becoming a shared responsibility at a time when cloud-native applications are deployed multiple times each day," says Amit Daniel, chief marketing officer at Checkmarx. "Enterprise CISOs are coming to Checkmarx looking for a way to gain visibility into the security posture of their entire organizational footprints. Our goal is to provide them with that visibility as a way of building what we call 'DevSecTrust,' or trust between developers and security that can help bring their AppSec maturity to a whole new level."
Developers' security concerns are focused on the tension between time-to-delivery demands and the potential volumes of vulnerabilities requiring remediation (including the development process being impeded by security demands), difficulty knowing which vulnerabilities to fix and how to prioritize them, and a lack of context to help remediate vulnerabilities. A significant 61 percent of developers say it's critical that security shouldn't block or slow the development process or become a barrier to business success.
You can get the full report from the Checkmarx site.