Managing Application Security

2017 APPLICATION SECURITY SURVEY BY SECURITY COMPASS

Major Findings

  • 75% of financial institutions place high or critical priority on application security
  • 69% of application security teams are composed of a central group of application security experts, with champions in individual teams or business units
  • Nearly all respondents have secure coding standards and guidelines, but most could not validate how widely the standards were being followed
  • Only 8% track the amount of money spent on vulnerability remediation
  • Dynamic analysis (DAST) and static analysis (SAST) tools are the 4th and 6th most widely used security tools out of 16 security activities surveyed; however, these tools leave 46% of application-level risks undetected
  • 50% of respondents procure at least half of their software from third-party vendors, and 17% rely primarily on third-party vendors
  • However, less than 50% require vendors to have an application security policy
  • Only 8% provide detailed application security requirements as part of third-party software vendor contracts