Developers opening their organizations up to breaches by knowingly deploying vulnerable code
Published: Thursday, 27 April 2023 08:21
Checkmarx released its Global Pulse on Application Security study at the 2023 RSA Conference in San Francisco. Developed with Censuswide, the research uncovered global trends around current security challenges faced by CISOs, application security (AppSec) leaders and software developers as migration to the cloud and digital transformation have become enterprise imperatives.
The Checkmarx survey of over 1,500 CISOs, AppSec managers, and software developers around the world uncovered some troubling statistics. The research showed that 86 percent of surveyed software developers and AppSec managers have knowingly deployed vulnerable code or know someone who has, and that 88 percent of AppSec managers surveyed have experienced at least one breach in the prior year as a direct result of vulnerable application code. The shift toward modern development practices that incorporate microservices and serverless technologies, container security and infrastructure as code (IaC) is multiplying the potential attack surface, thereby creating critical new priorities for application security.
CISOs surveyed see the highest-priority security risks at their organizations as being:
- Increased use and exposure of APIs (37 percent)
- Open source software supply chain risks (i.e., malicious code) (37 percent)
- Application containerization risks (37 percent)
- Open source software risks (36 percent)
- Infrastructure-as-code risks (36 percent)
Surveyed AppSec managers who have experienced breaches say that the top three causes include:
- Open source software supply chain attacks (41 percent)
- Stolen credentials, secrets or weak authentication/authorization (40 percent)
- Known and/or unknown vulnerabilities in code released to production (39 percent)