Nearly 78% of chief information security officers (CISOs) say that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. What’s more, 77% of CISOs believe software supply chain security is a bigger blind spot for AppSec than Gen AI or open source.
“Despite industry forecasts, our research reveals a much more condensed time frame to ASPM adoption. While all the hype right now is focused on AI, software supply chain security issues are just as or even more critical, and any ASPM solution needs to have best in class capabilities,” says Lior Levy, co-founder and CEO, Cycode.
Key takeaways:
- The vast majority (85%) of CISOs acknowledge development teams suffer from vulnerability noise and alert fatigue, which strains the relationship between security and development teams. Additionally, 88% acknowledge that because of alert fatigue, developers are not focused on remediating critical vulnerabilities, which increases the potential for a security breach and puts the business at risk.
- Only 21% of respondents believe that both security and development are equally responsible for application security, confirming that many security professionals question whether application security is a team sport. And, 77% majority said that understanding who owns application security is challenging, indicating that more clarity is needed about who is responsible for AppSec in most organizations.
- What’s more, 75% of security professionals struggle with the complexity of managing multiple security tools.
- In addition, 92% of CISOs confirmed they are looking to consolidate their AppSec tools into a single platform in the next 12 months.