New Checkmarx Study Uncovers Alarming Trends in Breaches, Supply Chain Loopholes and Security Confidence

November 10, 2021

69% of survey respondents claimed two or more security breaches in the last year as a direct result of a vulnerable application

RAMAT GAN, ISRAEL – November 10, 2021 – Checkmarx, the global leader in developer-centric application security testing (AST) solutions, today unveiled the findings of its new global report, “AppSec: The View from Security and Software Development Experts.” The report was commissioned by Checkmarx and developed with Censuswide to spotlight the biggest security challenges that application security (AppSec) managers and software developers are facing within their organizations in today’s threat landscape.

Report findings are based on online survey input from two samples of 754 AppSec managers and 770 software developers, collected globally between August 10 and 31, 2021.

“Security breaches within the enterprise have unfortunately become a societal norm, so identifying those gaps and creating the solutions to eliminate them is integral to the success of businesses today,” said Maty Siman, Checkmarx founder and CTO. “Overcoming these security challenges should be a top priority for modern organizations, and the results of this report attest to the specific needs of our trusted AppSec and developer communities.”

Building confidence in security

Following an AppSec-related incident, 38% of AppSec managers and software developers said their organizations deployed penetration testing exercises to prevent future breaches. Meanwhile, 40% of software developers stated their organizations issued mandatory AppSec training.

Despite multiple breaches in the last year due to vulnerable applications, 81% of developers remained confident in their ability to build a secure product, showcasing a commitment to selecting the proper tools to protect their organizations.

Supply chain challenges

More than a quarter (26%) of respondents cited “gaining visibility into open source packages being utilized in custom applications” as the biggest challenge when visualizing and securing their software supply chains. Forty-nine percent of software developers said they are adopting a DevSecOps model with security as a supply chain focus to lessen their risk of a breach, with 42% of AppSec managers saying the same.

Cloud adoption

Over half of AppSec managers and software developers (54%) stated that the shift to the cloud increased their concerns around secure application development. However, each group’s challenges differed: AppSec managers struggled the most with adopting cloud native security testing methodologies (37%), whereas software developers had more difficulty with effectively and efficiently monitoring applications running in the cloud (41%).

AppSec training and awareness

Software developers said they receive application security and awareness training six times a month on average. The major concern lies in the effectiveness of the training as 23% of developers and only 17% of AppSec managers described the training as effective.

To view the full report, visit this page. To learn how the Checkmarx Application Security Platform™ secures every stage of the development life cycle, click here.


Insights presented in this report are derived from an online survey issued between August 10 and 31, 2021. Censuswide surveyed one sample of 754 AppSec Managers within companies with more than 1,000 employees and in-house software development teams, and a second sample of 770 software developers within companies of more than 1,000 employees in the US, UK, France, Germany, Switzerland, Austria, Australia, New Zealand and the Asia Pacific region. Censuswide abides by and employs members of the Market Research Society, which is based on the ESOMAR principles.

About Checkmarx

Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world’s developers while giving CISOs the confidence and control they need. As the AppSec testing leader, we provide the industry’s most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software—including proprietary code, open source, APIs, and infrastructure as code. Over 1,600 customers, including half of the Fortune 50, trust our security technology, expert research, and global services to securely optimize development at speed and scale. For more information, visit the Checkmarx website, check out the blog, or follow the company on LinkedIn.

Media Contacts

Cynthia Siemens

Head of Global PR, Checkmarx

Dani Kerby, Brands2Life on behalf of Checkmarx

+44 (0) 20 7592 1200
