
The State of Code Security: What the AppSec Professionals Know

by   in CyberRes by OpenText

Traditional Application Security is still the bread and butter of your strategy, but lately the market has evolved and expanded to include API discovery, containers, and infrastructure as code, to name a few. We wanted to know how much of the market is addressing and investing in these areas versus still maturing its traditional tactics. To learn more, Fortify recently partnered with DarkReading to interview AppSec professionals and developers and discover the key challenges this ever-changing landscape has created.

What we found is that the software development lifecycle is becoming ever more complex and threats in a multi-cloud environment continue to proliferate. As a result, many organizations are fairly advanced in their AppSec maturity posture, but others are still at the starting point when it comes to implementing DevSecOps.

In short, the road to AppSec maturity is not a sprint, but a marathon. 

Along with the key findings from the survey, the report is divided into four sections:

  • The AppSec Maturity Road
    • There is a lot of room for maturity and growth in most organizations—but specific concerns and areas for attention vary by organization size.
  • Implementation Challenges
    • A wide range of challenges spell headaches for the organization trying to pick up steam along the road to maturity and shift further left. This is especially true for larger organizations—no one security pain point listed was cited by more than 29% of respondents. This highlights the growing complexity of challenges faced and points to the value of a single partner with deep expertise.
  • Factors Influencing Tool Adoption
    • As organizations attempt to overcome challenges and progress further with their AppSec maturity, many are taking advantage of the range of newer tools available and prioritizing cloud infrastructure. 
  • Outcomes and Tracking Success
    • When it comes to tracking security success and reflecting on results, organizations are more concerned about false negatives and positives than finding real vulnerabilities that they don’t have time to fix. However, this is more common with SMBs than larger organizations.  

Code Security Resources 

Read the full 2023 State of Code Security report to learn more or join us in a special upcoming Code Security webinar where we’ll explore all the key findings, implementation challenges, factors influencing tool adoption and insightful takeaways from this State of Code Security Report. 

Special note on the webinar: Martin Hell, Security Strategist from Debricked, part of OpenText Cybersecurity, will be joining us to share their research on the State of Open-Source Security. This session will also include a live Q&A, so you won’t want to miss out! 

Join our Fortify Community. Have technical questions about Application Security products? Visit the Fortify discussion forum. Keep up with the latest Tips & Info about Application Security. Check out our Fortify Unplugged YouTube channel that highlights demos, use cases and thought leadership around AppSec.

