A substantial 78% of CISOs have expressed concerns about the current unmanageability of application security attack surfaces, emphasizing the need for improvement.
The figure comes from Application Security Posture Management firm Cycode's inaugural "The State of ASPM 2024" report.
The research, drawn from a survey of 500 US CISOs, AppSec Directors and DevSecOps team members, underscores the existing challenges in AppSec.
The report revealed a significant issue concerning strained relationships between security and development teams, with 90% of respondents recognizing the need for improvement.
Interestingly, 77% of CISOs perceive software supply chain security as a more substantial blind spot for AppSec than emerging technologies like generative AI or open source.
A notable challenge highlighted in the research is the prioritization of AppSec risks and activities.
An alarming 85% of CISOs acknowledge that development teams grapple with vulnerability noise and alert fatigue, hindering collaboration.
This alert fatigue, recognized by 88% of respondents, also results in developers neglecting critical vulnerability remediation, posing a significant security risk.
The report emphasized the ambiguity surrounding application security responsibilities within organizations.
A substantial 77% of respondents find it challenging to determine ownership of application security, indicating the need for greater clarity in this domain.
Addressing the multifaceted issues contributing to strained relationships, the report notes that managing multiple security tools poses a challenge for 75% of security professionals due to their inherent complexity.
More information about securing AI and the software supply chain is available in this analysis by Sonatype developer advocate Dan Conn.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Wed, 06 Dec 2023 17:00:29 +0000