state_of_aspm

Discover what 700+ CISOs and security leaders across the globe believe is the answer to resetting AppSec. Dive in to see key insights on how ASPM is transforming application security.

Download the Full Report
Scroll down for a sneak peek
"A must-read piece of research for anyone looking to strengthen their application and code security posture. This report will help you navigate today's ASPM landscape, the seismic impact of AI and an increasingly complex world of application security."
Andy EllisPartner, YL Ventures & Hall of Fame CSO
"The market is finally realizing that when they're doing cloud security, they're really trying to secure their applications. This report helps clarify how ASPM helps solve the application security problem and should be at the center of your security program."
James BerthotyIndustry Analyst & Founder, Latio Tech
"The State of ASPM Report offers a thorough look at the evolving threat landscape of application security. It underscores the critical challenges facing organizations today, from expanding attack surfaces to the complexities of AI-driven threats. This report isn’t just a collection of statistics; it’s a roadmap for building code resilience into your organization’s future."
Roland CloutierFormer Global CSO, TikTok
"The surge in AI-generated code is indicative that code security is now the cornerstone of modern application security strategy moving into 2025. As organizations contend with increasingly complex development and threat environments making code security a priority will be critical in safeguarding innovation.×´
Katie NortonResearch Manager, DevSecOps, IDC
INSIGHT #01

2025 will be the year
of code security

Agree that code is everywhere and it is important to secure code in their applications.

Agree that CISOs should invest more in code security.

1 out of 2

Expect that their budget will increase in the next 12 months.

Agree that ASPMs and CNAPPs are complementary solutions that shouldn’t come together as one platform.

Agree that the age of AI will need to reset how organizations look at application security.

INSIGHT #02

AppSec Overload:
More Tools Create More Problems

Concerns about visibility to code risk

Difficulty implementing a culture of collaboration

Difficulty managing alerts

Security Leaders are Losing Track of Their Budgets "My security organization lacks a full understanding of where the annual budget is being spent."

Under 20

20-40

41-60

61-80

Number of security tools

INSIGHT #03

The Reality of AppSec Chaos:
Tension Between Visibility, Speed and Security

Biggest Application Security Concerns

Visibility into security & risk posture

Software supply chain security

Velocity of development teams

Top 5 application security blindspots:

Gen AI

Exponential Increase in code

Secret Detection

Software Supply Chain

Cloud Security

Concerns About Blindspots in Security Posture and Attack Surface Blindspot: Exponential increase in code

Under 20

20-40

41-60

61-80

81-100

No. of AppSec tools currently in use

Concerns About Blindspots in Security Posture and Attack Surface Blindspot: GenAI

Under 20

20-40

41-60

61-80

81-100

No. of AppSec tools currently in use

Concerns About Blindspots in Security Posture and Attack Surface Blindspot: Software supply chain

Under 20

20-40

41-60

61-80

81-100

No. of AppSec tools currently in use

Concerns About Blindspots in Security Posture and Attack Surface Blindspot: Secrets detection in code

Under 20

20-40

41-60

61-80

81-100

No. of AppSec tools currently in use

Concerns About Blindspots in Security Posture and Attack Surface Blindspot: Cloud security

Under 20

20-40

41-60

61-80

81-100

No. of AppSec tools currently in use

INSIGHT #04

From Chaos to Clarity:
Zero in on Risk that Matters With ASPM

Will consolidate their tools to an
ASPM platform.

Of security leaders who are already using an ASPM platform feel their organization has a better systematic way of understanding overall risk, and are focused on the most important vulnerabilities.

Impact of Consolidating Tools Stack
on Developer Relationships

Faster identification of root cause

Improved detection of critical vulnerabilities

Improved MTTR

Reduced false
positives

DOWNLOAD THE FULL REPORT NOW