Research Report: SANS 2017 State of Application Security: Balancing Speed and Risk
How are DevOps and the move to the cloud challenging security at your organization?
The speed of software development is accelerating – and so are software security risks. To understand how this is impacting application security efforts for you and your peers, SANS recently completed its 5th annual appsec survey. Research findings have been compiled into a report titled “2017 State of Application Security: Balancing Speed and Risk.”
Written by Jim Bird, SANS analyst and CTO of a major U.S.-based institutional trading service, the 2017 report explores challenges associated with accelerating software development practices, the continuing adoption of cloud applications, and ways agility and velocity can improve security. Some key findings include:
- 51% of organizations rely on development teams to do security testing – a 21% increase from 2016.
- 43% of organizations are pushing out changes weekly, daily or continuously.
- 41% of critical vulnerabilities are fixed within one week, another 34% within one month.
- 24% rely on testing security once a year or less.
Beyond sharing current year data, the report provides insight into how appsec has been changing – in some cases dramatically – over the past couple of years. Additionally, the report includes a number of recommendations for ways your team can move fast and enhance application security.
Tenable encourages all IT professionals responsible for ensuring application security to download, read and share this report with their peers.