A survey reveals that 98% of application security stakeholders have faced security breaches due to vulnerable code, with 81% admitting to shipping code containing known vulnerabilities. Over a quarter of organizations experienced multiple breaches, often due to pressure to meet business deadlines. Many anticipate additional incidents, particularly from software supply chain compromises and third-party vendor issues. Preparedness for emerging security threats remains low, with less than 15% feeling equipped against recent attack vectors. Additionally, less than half of respondents actively utilize application security tools.
A survey of 1,519 application security stakeholders finds nearly all (98%) work for organizations that have experienced a security breach attributable to vulnerable code. Furthermore, 81% acknowledged their organization has shipped code with known vulnerabilities into production environments.
More than a quarter of organizations (27%) experienced four or more breaches due to vulnerabilities, with 38% reporting that vulnerable code is being shipped to meet business or feature deadline requirements.
Less than 15% feel prepared for mainstream threats from the last two years, such as attacks targeting CI/CD pipelines and security implications of generative AI in development workflows.
Less than half of respondents, excluding heads of software development teams, are actively using application security tools such as infrastructure-as-code scanning (48%) or dynamic application security testing tools (47%).