Outsourced Software Poses Greater Risks to Enterprise Application Security

In the wake of SolarWinds and other third-party attacks, security teams worry that outsourced applications pose risks to an organization's application security, according to Dark Reading's recent "How Enterprises Are Developing Secure Applications" report.

In light of SolarWinds and other high-profile attacks involving the software supply chain, security teams are increasingly scrutinizing the security of their off-the-shelf software. A recent Dark Reading survey of 173 IT and cybersecurity professionals identified different types of risk to enterprise application security, including attackers with deep knowledge of application vulnerabilities, developers untrained in secure coding practices, outsourced applications, and poorly secured infrastructure.

Dark Reading's "How Enterprises Are Developing Secure Applications" report shows attitudes toward application security risks remain largely unchanged this year compared to 2020, despite the broad disruptions to IT operations associated with the shift to remote work and restrictions associated with the global COVID-19 pandemic. For instance, 34% of respondents in the 2021 survey said attackers with a deep knowledge of how to exploit app vulnerabilities are the greatest risk to the security of their application environments, compared with 35% last year, and 27% are worried about security issues tied to outsourced applications, compared with 25% last year.

Respondents also indicated they are slightly more worried about risks related to outsourced applications and poorly secured infrastructure this year than they were last year. Twenty-seven percent said outsourced applications pose risks to the organization's application security in the 2021 survey, compared with 25% in 2020, and 24% are worried about poorly secured infrastructure in 2021, compared with 21% in 2020. In other areas, respondents appear to be less worried, at least when it comes to adequate developer security training, DevOps practices, and management support for application security. In the 2021 survey, just 30% of respondents said they are worried about developers untrained in security, compared with 38% who said the same in 2020.