Managing Application Security

INSIGHTS FROM FINANCIAL INSTITUTIONS

2017 Application Security Survey by Security Compass

Even though most organizations prioritize application security, many feel overwhelmed when trying to grasp the enormity of securing their software portfolios, and struggle to get their security programs off the ground at all. In order to help solve this problem and offer some clarity, we embarked on a research project into the security practices of financial institutions and the insights they can offer for organizations in all industries.

Want to benchmark your company's appsec program to the industry average? Complete the 2018 edition of the survey to get a comparison.

Major Findings

  • 75% of financial institutions place high or critical priority on application security
  • 69% of application security teams are composed of a central group of application security experts, with champions in individual teams or business units
  • Nearly all respondents have secure coding standards and guidelines, but most could not validate how widely the standards were being followed
  • Only 8% track the amount of money spent on vulnerability remediation
  • Dynamic analysis (DAST) and static analysis (SAST) tools are the 4th and 6th most widely used security tools out of 16 security activities surveyed; however, these tools leave 46% of application-level risks undetected
  • 50% of respondents procure at least half of their software from third-party vendors, and 17% rely primarily on third-party software
  • However, less than 50% require vendors to have an application security policy
  • Only 8% provide detailed application security requirements as part of third-party software vendor contracts