CISO Guide to AppSec in the DevSecOps Era

Survey

A CISO’s Guide to Steering AppSec in the Era of DevSecOps

See how your peers are adapting and where you stand


AppSec is transforming, and CISOs are driving the change. To help you stay ahead, we surveyed 200 CISOs on how they’re reshaping their strategies, owning security outcomes, and balancing board pressure with real-world complexity. 

Whether you’re leading security – or supporting those who do – this guide offers practical benchmarks and insights to help you steer confidently into the future.

Inside this report, you’ll discover: 

  • How AppSec is influencing purchasing decisions. 
  • The shift of security ownership to dev and product teams. 
  • Why nearly 4 in 10 CISOs still lack board visibility. 
  • Where your peers are succeeding – and where they’re struggling. 


Eye-opening findings include: 

  • 49% of buyers consider application security in purchasing decisions.  
  • 43% of product teams are now responsible for securing software. 
  • 38% of CISOs still don’t report to the board.


See how your strategy stacks up 
Get your CISO guide for 2025 and lead your organization with sharper insights and stronger alignment. 

Understand Your Benchmarks

Ready For AppSec Your Devs Can Run With?

Checkmarx is how CISOs can finally get ahead of application risk without hindering production. Find out more.

What Our Customers Say About Us

See why enterprises trust our approach to AppSec to secure their business-critical applications.

“Checkmarx One definitely checks all my boxes from a security standpoint and has a great interface that’s engaging and easy to use. Some of the solutions we considered were more complicated. With Checkmarx One, it’s easy to get right to the problem with little to no learning curve.”

“Incorporating Checkmarx’s technology has revolutionized our development culture. It’s more than just technology; it serves as the foundation of our security strategy, ensuring that our applications are secure by design.”

“The success of our AppSec program can be directly attributed to the tooling, processes and support provided by Checkmarx managed services. Our mission revolves around providing secure and compliant lottery and gaming applications and services to our clients around the globe, and with Checkmarx SAST, SCA and associated components enhanced by their stellar service support, we deliver on this promise with confidence and certainty.”

“After nearly nine years of using Checkmarx’s SAST, CGI’s journey has been one of seamless integration and consistent satisfaction. The last three years have been particularly smooth, reflecting the solution’s reliability and our successful partnership.”

“After reviewing the Checkmarx platform, I’m not sure how Veracode is able to exist while being at a similar price point.”

“Checkmarx’s execution is impressive; it’s brought all the products under one cloud platform.”

“By Far The Best AppSec Tooling Decision We Have Made!!”

“We were thrilled to find Checkmarx, which helped us improve the SLA for identifying and remediating risk, reduce risk and the number of vulnerabilities, and eliminate high- and medium-risk issues.”

“Checkmarx made the security team’s and developers’ lives easier.”

Market & Technology Leadership

  • 40% of Fortune 100
  • 1700+ customers in 70 countries
  • 75+ languages & 100+ frameworks
  • 6X Leader at Gartner® Magic Quadrant™ for Application Security Testing

Industry Recognition

  • Forrester
  • Gartner
  • CRN