Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink, according to WhiteHat Security.
Setu Kulkarni, WhiteHat’s VP of Strategy and Business Development, said, “It is more critical than ever that digital transformation initiatives must include a robust application security program.
“The 2019 STATS report builds on the DevSecOps framework we had outlined last year and advances it with supporting metrics, to help our customers build consensus for securing applications and reducing risks, costs and complexity.
“We find that organizations that take this approach experience markedly better AppSec outcomes – notably a 50% drop in Window of Exposure, an important metric that represents the amount of time that an application has a serious vulnerability that can be exploited to data breaches.”
Key findings of the report include:
- The effort required to secure the rapidly growing volume of existing and new applications is overwhelming already short-staffed teams.
- AppSec investment is unbalanced across development, security and operations.
- Organizations that scan applications in production have a reduced risk of being breached.
- Organizations that embed security in DevOps are able to reduce risk, reduce cost and improve time to market.
- Embeddable components in the software supply chain account for 1/3 of all AppSec vulnerabilities.