
Edge Threat Monitor
Sara Peters

AppSec Concerns Drove 61% of Businesses to Change Applications

Some have even left behind commercial software and migrated to open source or in-house homegrown applications. Continue for synopsis or read full research report.

The marketplace is beginning to pinch the software industry for application security failings and complications, according to a new Dark Reading study.

Sixty-one percent of respondents to the survey, released today, stated that security concerns about one application have caused them to migrate to an alternative. Twenty-seven percent swapped one commercial off-the-shelf (COTS) application for another. Others migrated over to a COTS solution, leaving behind either open source (6%) or in-house developed (16%) tools. However, 12% dropped their commercial software altogether, in favor of either open source or in-house developed apps.

Why the changes? Some of the reasons are familiar.

For example, internal dev teams may be poorly trained on secure coding and be liable to run into business conflicts with their counterparts in the security department. When asked to name the biggest risk to appsec, the No. 1 answer was "developers untrained in security," cited by 38% of respondents. This worry persists despite a majority of respondents giving positive reviews of the relationship between these two teams.

And, of course, commercial software vendors' security records vary widely; while one may have a large dedicated security team, supported by a bug-bounty program and a reliable process for issuing patches and updates, another may have none of those things and leave bugs unfixed for years. Similarly, open source communities vary in the kind of support they provide.

Some reasons, however, are less familiar. Recently, new security challenges have arisen to further complicate the choices that businesses make about applications.

For example, this year the United States, citing national security concerns, prohibited the use of technologies from Chinese tech giant Huawei, as well as surveillance technologies from other Chinese companies. In 2017, the administration ordered the removal of Kaspersky Lab cybersecurity tools from all federal systems for similar reasons.

Meanwhile, attacks exploiting vulnerabilities in open source code libraries have increased. While that might initially make open source applications appear less attractive, the same libraries are widely used by internal development teams and commercial software vendors alike, so the exposure is not confined to open source applications. Fortunately, most respondents have a process in place to repair vulnerabilities in open source software components, though 21% admit to being "completely at a loss."

Read the complete report, "How Enterprises Are Developing and Maintaining Secure Applications."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...
