News

AppSec is a basic requirement, but is it getting enough attention?

Security Parrot Editorial Team

Research Shows Organizations Are Just Beginning to Adapt Security Strategy

Research by OpenText Cybersecurity

Research by OpenText Cybersecurity into code security shows that organizations are only just beginning to adapt their security strategy to change. Meanwhile, the software development life cycle (SDLC) is becoming more complex and the number of threats is increasing. It raises the question of whether your organization pays enough attention to AppSec to prevent vulnerabilities.

Fortify Platform Helps Build Secure Code

With Fortify, OpenText Cybersecurity has a platform that helps build secure code. To really gain more insight into the state of application security within organizations, OpenText commissioned research from Dark Reading. Cybersecurity professionals and application developers from organizations of various sizes (up to 500 employees, up to 5,000 employees and more than 5,000 employees) were surveyed.
The idea is that the research paints a picture of the most important influencing factors for tool adoption. It must also identify important implementation challenges. In order to have an immediate insight into this, we immediately share the table below from the study. It is important to know that the data comes from November and December last year, when the question was put to the professionals.

Organizations Have a Long Way to Go Before Application Security is Mature

What OpenText Cybersecurity broadly notes here is that organizations in general still have a long way to go before their application security is really mature. This can’t keep up with the changes and their needs, if we look at the research that way, and that makes for vulnerable software. OpenText Cybersecurity cites several causes for the increase in threats: an increase in cloud adoption, APIs as a popular target of attackers and vulnerable software through the use of open-source components. Some of these causes deserve w at extra attention, which we will give in the course of this article.
What is striking about OpenText Cybersecurity is that many organizations are still at the starting point of including dynamic analysis tools (such as DAST) in the test cycle. Also often in an early stage is moving testing activities to a much earlier point in the SDLC. This is remarkable, because vulnerabilities are often only discovered at a later point in the development process or when the software is already in production. In the latter case, a hacker may exploit the vulnerability and find its way to cause damage.
Of course there are differences when it comes to company sizes and the degree of maturity. However, according to OpenText Cybersecurity, there is no question that shift-left is the way forward, so security protocols were implemented early in the SDLC. This aspect is often hot within organizations that apply DevSecOps. Such organizations bring developers and security experts together to create a joint approach and to maintain the pace of development.
According to the survey data, a majority (57 percent) are implementing DevSecOps. This is a positive development, but it is also clear that the implementation is not easy everywhere. OpenText Cybersecurity notes that organizations need to pay more attention to AppSec to prevent vulnerabilities. This is especially true when it comes to the use of open-source components, cloud adoption and APIs as a target for attackers.
Organizations need to be aware of the increasing complexity of the software development life cycle and the number of threats. They must also ensure that their security strategy is adapted to the changing environment. This means that dynamic analysis tools should be included in the test cycle and that security protocols should be implemented early in the SDLC. DevSecOps is a great way to bring developers and security experts together to create a joint approach and to maintain the pace of development.
OpenText Cybersecurity’s research shows that organizations are only just beginning to adapt their security strategy to change. To really gain more insight into the state of application security within organizations, OpenText commissioned research from Dark Reading. This research paints a picture of the most important influencing factors for tool adoption and identifies important implementation challenges. Organizations need to pay more attention to AppSec to prevent vulnerabilities and ensure their security strategy is adapted to the changing environment.

Weekly Updates For Our Loyal Readers!

Share this Article
Lost your password?