Half of Orgs Regularly Push Vulnerable Code in App Security Programs

Nearly half (48%) of organizations regularly push vulnerable code into production in their application security programs due to time pressures, while 31% do so occasionally, according to a new report published by Synopsys entitled Modern Application Development Security.


As a result, 60% have reported production applications exploited by OWASP top-10 vulnerabilities in the past 12 months.


This is despite the fact most organizations believe their security programs are very good, with an average rating of 7.92 out of 10 given by 378 IT, cybersecurity and application development professionals surveyed by the Enterprise Strategy Group (ESG). More than two-thirds (69%) rated their security program as eight or above.


The study was commissioned to look at the convergence of application security tools, which is becoming increasingly complex, with 72% of organizations stating that they now utilize more than 10 of these tools.


As such, it was found that 43% of organizations believe that DevOps integration is the most important aspect of improving application security programs. Yet 23% of respondents said that poor integration with development/DevOps tools is a common challenge to achieving this, while 26% identified difficulty or lack of integration between different application security vendor tools.


Dave Gruber, senior ESG analyst, said: “DevSecOps has moved security front and center in the world of modern development; however, security and development teams are driven by different metrics, making objective alignment challenging.”


The biggest challenge highlighted was a lack of knowledge in mitigating issues identified on the part of developers (29%). This suggests there is currently insufficient developer security training taking place, and 35% of organizations revealed that less than half of their development teams are participating in fo ..