ESG Report: Optimizing Application Security Effectiveness

Best Practices to Secure and Protect Modern Software Applications

In a digital economy, application security is crucial to success. In this new report, TechTarget’s Enterprise Strategy Group identified important best practices for building effective application security programs.

The Challenge

Only 52% of companies say they can effectively remediate a critical vulnerability.

Similarly, just 41% are very confident in their ability to manage the security and compliance risks associated with open source software components used within internally developed applications.

The result: Organizations face serious consequences from security incidents.

Key Best Practices

The report identifies key patterns among organizations that could efficiently remediate critical vulnerabilities compared to those that could not. The following are some of the best practices organizations can use to measurably improve their security program effectiveness.

Establish strong collaboration

Organizations that report the ability to efficiently remediate vulnerabilities were much more likely to encourage collaboration between application development, security, and operations to build a culture of security (52% versus 34%).

Please rate your level of agreement with the following statement regarding your organization’s application security environment: We encourage collaboration between application development, security, and operations to build a culture of security.

Shift security responsibilities left – with security support

Companies that can keep up with critical vulnerabilities reported that their application development teams are taking on more security responsibilities with support and help from the security team (36% versus 22%). This shows the effectiveness of security taking on an oversight and guidance role while developers are tapped to put security fixes into place.

Please rate your level of agreement with the following statement: Our application development team is taking on more security responsibilities with support and help from the security team.

Security plays a centralized role

Companies that can efficiently remediate vulnerabilities were much more likely to say their security team is entirely centralized and separate from development teams (53% versus 30%).

What organizational structure best describes how security team members responsible for securing internally developed applications are distributed in your organization?

Know what’s in your code

Organizations able to efficiently remediate vulnerabilities were also more likely to say they view being able to answer questions about their code – such as knowing its source – as critical (49 percent vs. 31 percent).

How important is it that you are able to answer each of the following questions about your code?

Download to get the complete list of best practices for effective application security