How has the state of application security changed and what does the future hold? And how do you plan for it? To find out, Checkmarx commissioned Censuswide to survey over 1500 developers, AppSec managers, and CISOs. Here’s what we found in our third annual Future of AppSec report.
The Future of AppSec
The million-dollar question: what’s next?
2023 saw the rise in AI, with excitement and a rush to release AI-driven solutions. Consequently, AI experienced substantial adoption in a short time, with over 50% of respondents saying that they use it.
Applications mean something quite different than what they did even just a few years ago. Applications used to be simply made up of proprietary source code. Today, even source code may come from multiple sources, such as open-source code or be AI-generated, which introduces both security and legal risks. Developers can’t keep up with all of this, hence the push into secure code training and DevSecOps.
Applications have also extended from a local system or closed on-premises data center into the cloud or even multiple cloud environments. We’ve been migrating to the cloud for years, but as more of our apps are in the cloud and cloud-native development goes mainstream, this pushes interests in API Security, AppSec Posture Management (ASPM), and Cloud Native Application Protection Platforms (CNAPP).
It’s also important for all stakeholders to be able to unify and consolidate on a single platform that has something for everyone. CISOs need executive, high-level dashboards, to provide a holistic view of the entire application security posture. Developers need tools that integrate seamlessly into their existing workflow, and don’t slow them down.
Read the report to learn more.
The Importance of Developer Experience
Security must not impede development. 61% of developers are concerned about security getting in the way of development and 38% of AppSec managers claim “improving the developer experience” is a key reason for selecting their recent AppSec solution. What does developer experience really mean? Ultimately, it means that developers can spend their time focusing on developing innovative applications rather than getting bogged down by security minutia – developers are software experts, not security experts. This means making it easy for them to know exactly what to fix first – prioritizing for the greatest business impact, seamlessly integrating into their workflow and existing toolchain, not interrupting the development workflow – meeting developers where they live and providing them the education and training needed to write secure applications - equipping developers with the tools and knowledge to fix critical vulnerabilities.
How does this work? Automation so scans happen automatically through integration with Source Code Management (SCM) and CI/CD tools. It means providing security findings back into the IDE and development tools, so developers don’t have to use different tools.
Read the report to see the full list of what developers are looking for.
Start Planning For 2025
It’s a cliché but true: application security is constantly changing. It’s important to slow down and look at the current state of application security, understand where you stand compared to your peers, and consider whether you are considering the roles and responsibilities of all your core stakeholders: AppSec managers, CISOs, and developers.
The result is The Future of AppSec. Get it now and see where you stack up.
