CISOs See Software Supply Chain Security as Bigger Blind Spot Than GenAI: Cycode
December 7, 2023
PRESS RELEASE
SAN FRANCISCO, Dec. 06, 2023 (GLOBE NEWSWIRE) -- Cycode, the leader in Application Security Posture Management (ASPM), today announced the inaugural State of ASPM 2024 report, the industry’s first. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. Surprisingly, 77% of CISOs believe software supply chain security is a bigger blind spot for AppSec than Gen AI or open source.
The State of ASPM 2024 report was compiled from a survey of 500 U.S. CISOs, AppSec Directors and DevSecOps team members. Half of the sample came from companies with 5,000+ employees and half with 1,000 - 5,000 employees. The research consolidates and correlates findings across more than thirty different categories and data points across the industry.
Prioritization of AppSec risks and activities are a significant problem for most organizations as highlighted in the State of ASPM research. The vast majority (85%) of CISOs acknowledge dev teams suffer from vulnerability noise and alert fatigue, which strains the relationship between security and dev teams. Additionally, 88% acknowledge that because of alert fatigue developers are not focused on remediating critical vulnerabilities, which increases the potential for a security breach and puts the business at risk.
Only 21% of respondents believe that both security and development are equally responsible for application security, confirming that many security professionals question whether application security is a team sport. An overwhelming 77% majority said that understanding who owns application security is challenging, indicating that more clarity is needed about who is responsible for AppSec in most organizations.
The report also shows that alert fatigue is not the only cause of the souring relationship between security and development teams. Many of the challenges stem from diverse vulnerability sources and the proliferation of AppSec tools. A staggering 75% of security professionals struggle with the complexity of managing multiple security tools.
According to Gartner®, “By 2026, over 40% of organizations developing proprietary applications will adopt ASPM to more rapidly identify and resolve application security issues."