
Managing Application Security 2017

April 9, 2019

Managing Application Security 

Insights from Financial Institutions 

2017 APPLICATION SECURITY SURVEY BY SECURITY COMPASS

Even though most organizations prioritize application security, many feel overwhelmed by the enormity of securing their software portfolios and struggle to get their security programs off the ground at all. To help solve this problem and offer some clarity, we embarked on a research project into the security practices of financial institutions and the insights they can offer organizations in all industries.

• 75% of financial institutions place a high or critical priority on application security

• 69% of application security teams are composed of a central group of application security experts, with champions in individual teams or business units

• Nearly all respondents have secure coding standards and guidelines, but most could not validate how widely the standards were being followed

• Only 8% track the amount of money spent on vulnerability remediation

• Dynamic analysis (DAST) and static analysis (SAST) tools are the 4th and 6th most widely used security tools out of 16 security activities surveyed; however, these tools leave 46% of application-level risks undetected

• 50% of respondents procure at least half of their software from third-party vendors, and 17% rely primarily on third-party vendors

• However, fewer than 50% require vendors to have an application security policy

• Only 8% provide detailed application security requirements as part of third-party software vendor contracts

 

 
