Cycode is excited to announce the release of our State of ASPM 2024 report, the first-ever report to analyze the state of application security and Application Security Posture Management (ASPM).
Cycode conducted primary research among 500 CISOs, AppSec Directors, and DevSecOps Directors in US companies with 1,000+ employees. As we analyzed the data, we uncovered insights into the current state of AppSec and how ASPM can help organizations gain better visibility and context for their application security programs.
We started on this journey to try to learn what was working in AppSec and what was broken. The goal was to gain a greater understanding of how organizations could work more efficiently in resource-constrained environments, where teams are small, yet demands are high. Along the way, we discovered interesting data about how security leaders feel about today’s attack surfaces, the tools designed to mitigate application risk, and the relationship between security and developer teams.
The State of ASPM 2024: Key Insights
As we analyzed our survey data, we uncovered a number of key insights about the current state of Application Security Posture Management (ASPM).
In The State of ASPM 2024 research, 77% of CISOs stated that software supply chain security is a bigger blind spot than generative AI. We also learned that 78% of CISOs think that today’s attack surfaces have become unmanageable. This shows that the growth of attack surfaces has outpaced security’s ability to manage and resolve alerts. It also indicates that many security professionals feel unable to effectively handle current threats with their existing tooling.
Our research showed that the majority of CISOs (85%) believe that vulnerability noise and alert fatigue are significant problems. Alert fatigue stresses the already strained relationship between security and dev teams. According to 88% of CISOs, alert fatigue is causing developers not to remediate critical vulnerabilities. This puts the business at risk and further increases distrust between teams. Furthermore, 90% of respondents stated that the relationship between their security and development teams needs improvement.
The research also found that many respondents don’t believe that security professionals and developers view security as a team sport or work well together to remediate security risks. Only 21% of respondents believe that both security and development are equally responsible for fixing security defects. An overwhelming 77% majority said that understanding who owns application security is challenging, indicating that most organizations need more clarity about who is responsible for AppSec.
These are just a few of the insights in our report. The State of ASPM 2024 explores much more, including:
- How AppSec chaos is impacting security teams’ ability to reduce risk
- Why tool sprawl is causing more harm than good
- How alert fatigue from noisy tools is straining security-developer relations
- How a lack of understanding over which teams are ultimately responsible for remediating vulnerabilities becomes a blocker to innovation
- Why organizations believe moving to a single AppSec platform could be the answer they have been looking for
To find out the answers to these questions and more, download the full report now.
Who Is This Report Designed For?
This report is a valuable resource for CISOs, security professionals, DevSecOps, developers, and decision-makers who are committed to ensuring the security and integrity of their applications, software supply chains, and development pipelines.
Stay tuned for more updates from Cycode as we continuously monitor the ever-changing threat landscape to provide the latest insights on Application Security Posture Management to help you reduce the risk to your organization.
Learn More About ASPM
Want to dive deeper into insights related to application security and ASPM? Download your full copy of The State of ASPM 2024 now.