New ESG Research Report Outlines Best Practices for Effective Application Security Programs

New ESG Research Report Outlines Best Practices for Effective Application Security Programs

Mend.io Mend.io

Mend.io

Start managing application risk ?

发布日期: 2023年11月14日
+ 关注

New research from TechTarget’s Enterprise Strategy Group (ESG) has identified that organizations’ application security programs struggle to keep up with the pace of software development, and it reveals best practices to secure modern software applications.

As software delivery accelerates and the volume of releases increases rapidly, the risk from vulnerabilities and the threat of malicious packages grow, but the report, “Optimizing Application Security Effectiveness,” exposes some concerning findings about the readiness of companies to handle these issues.?

The scale of the problem

69 percent of organizations have experienced at least one serious security incident from a software vulnerability in the last 12 months.

Nevertheless, only 52 percent of companies say they can effectively remediate a critical vulnerability, and even fewer ― just 41 percent ― are confident in their ability to manage the security and compliance risks associated with open source software components used within internally developed applications.

Key Best Practices for Effective Application Security Programs??

Establish strong collaboration early

Organizations that report the ability to efficiently remediate vulnerabilities were much more likely to encourage collaboration between application development, security, and operations to build a culture of security (52% versus 34%).?

领英推荐

Shift security responsibilities left – with security support

Organizations able to keep up with vulnerabilities are 3.3x more likely to have extensively incorporated security into development processes.?These organizations are also more likely to?have automated the identification and remediation of configuration and software vulnerabilities before deployment to production (78% versus 61%).

Security plays a centralized role

Companies that can efficiently remediate vulnerabilities were much more likely

to say their security team is entirely centralized and separate from development teams (53% versus 30%).

Know what’s in your code?

Organizations able to efficiently remediate vulnerabilities were also more likely to say they view being able to answer questions about their code – such as knowing its source — as critical (49 percent vs. 31 percent).

Continue reading ?? https://go.mend.io/3FjgEoz

要查看或添加评论,请登录

Mend.io的更多文章

社区洞察

其他会员也浏览了