Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink, according to WhiteHat Security, an independent subsidiary of NTT Security and a leading application security provider committed to securing applications that run enterprise businesses. The company released its 2019 Application Security Statistics Report, “The DevSecOps Approach: Using AppSec Statistics to Drive Better Outcomes,” which identifies the latest statistics and trends regarding the biggest application security threats to organizations.
As a result of WhiteHat’s deep AppSec expertise and robust vulnerability database coupled with NTT Security’s global threat intelligence, WhiteHat’s research now offers the most comprehensive perspective on the current state of application security, as well as recommendations on how to implement DevSecOps effectively.
Setu Kulkarni, WhiteHat’s VP of Strategy and Business Development, said, “It is more critical than ever that digital transformation initiatives must include a robust application security program. The 2019 STATS report builds on the DevSecOps framework we had outlined last year and advances it with supporting metrics, to help our customers build consensus for securing applications and reducing risks, costs and complexity. We find that organizations that take this approach experience markedly better AppSec outcomes – notably a 50% drop in Window of Exposure, an important metric that represents the amount of time that an application has a serious vulnerability that can be exploited to data breaches.”
Key findings of the report include:
- The effort required to secure the rapidly growing volume of existing and new applications is overwhelming already short-staffed teams.
- AppSec investment is unbalanced across development, security, and operations.
- Organizations that scan applications in production have a reduced risk of being breached.
- Organizations that embed security in DevOps are able to reduce risk, reduce cost and improve time to market.
- Embeddable components in the software supply chain account for 1/3 of all AppSec vulnerabilities.
WhiteHat Security has been publishing this yearly report since 2006. The study comprises statistical data and analysis gathered from continuously updated security testing information in WhiteHat Sentinel, a cloud-based application security platform.
“WhiteHat’s research offers the most comprehensive perspective on the current state of application security,” said Craig Hinkley, CEO at WhiteHat. “Applications are under constant attack, and businesses continue to struggle against this tide. However, by embedding application security testing at each stage of the software lifecycle, organizations can make demonstrable improvements while reducing the time to delivery of secure applications. WhiteHat Security’s Application Security Platform provides the foundational DevSecOps capabilities, including DAST, SAST, and SCA, that organizations require at each stage of their software lifecycle – enabling innovation and security to thrive simultaneously.”