2 min read time

The 2024 State of Code Security Report: How Enterprises Secure Their Applications

by   in Cybersecurity

In our latest webinar we deep dive into our recent joint “2024 State of Code Security Report” with Dark Reading. (If you missed it, you can catch the on-demand recording here.)

The software industry continues to evolve, and organizations are recognizing the need to balance security risks with the speed of development. Based off the survey, research data, and comparison to last year’s numbers, it's still evident that regardless of the pace of technology organizations are still struggling to secure what matters most to them.

In the webinar we covered:

  • Organizations' biggest pain points for AppSec and how we can address them.
  • Open Source, API security, and accuracy and depth of security tests are where companies feel most vulnerable.
  • While false negatives and false positives are always a concern, organizations are beginning to feel their tools just scratch the surface of their security needs.
  • Continued struggles with enabling developers with the right tools at the right time.
  • And so much more!

If you have time to watch the full webinar or read the entire report then do that!

However, below are some juicy nuggets that might pique your interest from the report/webinar.

Yep, you read that right only 33% of organizations rate their software component analysis as “very effective.”

And only 22% rate their SAST or DAST tools as “very effective” with 60%+ in each rating it as “Somewhat effective” or ”Not Effective” at all.

Only 16% ”strongly agree” that their organization will be able to detect and respond to a software supply chain compromise.

Only 14% ”strongly agree” that their organization has the necessary knowledge and expertise to ensure a secure software supply chain.

Only 10% ”strongly agree” that their organizations existing defense are effective at preventing software supply chain compromises.

Less than half (only 48%) agree or strongly agree that their application security tools are ”very accurate.”

56% agree or strongly that their security tools “just scratch the surface of all that we need to do.”

The percentage of application developers that are “very knowledgeable” about security declined to 18% this year from 22% last year.

30% of respondents in 2024 vs 17% in 2023 say their app devs are “Not very knowledgeable” or “not at all knowledgeable” on AppSec matters.

If you’d like to see more stats and hear a great in-depth discussion regarding the key findings from the report and how Fortify can help you on your DevSecOps journey, then check out the on-demand webinar!

 However, as mentioned above, you can also read the entire 2024 State of Code Security report here.

Join our Fortify Community. Have technical questions about Application Security products? Visit the Fortify discussion forum.  Keep up with the latest Tips & Info about Application Security. Check out our Fortify Unplugged YouTube channel that highlights demos, use cases and thought leadership around AppSec. We’d love to hear your thoughts on this blog. Log in or register to comment below.

Labels:

Application security