
Managing Application Security


2017 Application Security Survey by Security Compass

Security Compass at New York State Cyber Security Conference

Thank you for attending our presentation on "How Billion Dollar Enterprises Manage Application Security at Scale" by Altaz Valani - Director of Research.


Major Findings

  • 75% of financial institutions place high or critical priority on application security
  • 69% of application security teams are composed of a central group of application security experts, with champions in individual teams or business units
  • Nearly all respondents have secure coding standards and guidelines, but most could not validate how widely the standards were being followed
  • Only 8% track the amount of money spent on vulnerability remediation
  • Dynamic analysis (DAST) and static analysis (SAST) tools are the 4th and 6th most widely used security tools out of 16 security activities surveyed; however, these tools leave 46% of application-level risks undetected
  • 50% of respondents procure at least half of their software from third-party vendors, and 17% rely primarily on third-party vendors
  • However, fewer than 50% require vendors to have an application security policy
  • Only 8% provide detailed application security requirements as part of third-party software vendor contracts