Ponemon Institute, with sponsorship from WhiteSource, the leader in open source security and license compliance management, announced today the release of their research report ‘Reducing Enterprise Application Security Risks: More Work Needs to Be Done’.
Ponemon Institute surveyed 634 enterprise IT and security practitioners to learn why business-critical applications remain at high risk. The report compares the state of application security today with that of 2015. The research found that most enterprise organizations still struggle to monitor, detect, and prevent attacks at the application level. 71% of respondents said their organizations’ portfolio of applications has become more vulnerable to attack over the past year.
Key findings in the report include:
– Attacks on the application layer are a major concern for IT and security professionals now more than ever. This applies especially to organizations defined in the report as high security performers.
– The report shows IT Security spend trends and uncovers a misalignment between risk levels and the level of annual spending across different protection layers. The gap is most evident in the application layer, where the percentage of allocated budget is significantly lower compared with the perceived level of risk.
– Nearly half of the respondents state their organizations’ only have an informal, ad hoc approach or no approach to securing their SDLC.
– 86% of respondents state there is only some or no collaboration between development and security teams.
– Security debt continues to rise with 32% of respondents admitting to a 12-month backlog of un-remediated vulnerabilities.
“The Ponemon Institute’s research report addresses application security issues that are top of mind for today’s enterprises.” said David Habusha, VP Product at WhiteSource. “The report provides important insights on investment in AppSec, reducing security debt, integrating security into all stages of application development, and cooperation between security and development teams.” Habusha added “we hope that the report will help enterprises adopt the application security tools and processes that they need to address application security threats head-on”.