A 73% of companiesaccording to an Enterprise Strategy Group (ESG) survey relied upon by Synopsys for a security report, has raised its level of protection following the latest high-level attacks that have occurred, such as Kaseya either SolarWindsto avoid situations that could jeopardize your software supply chain.
The steps they have taken to do so range from adopting a multi-step authentication system or technology (3%) to investing in application security testing controls (32%). 30% have also improved asset discovery to update their organization’s attack surface inventory. But despite these efforts, 34% of organizations have seen their applications exploited by an unknown vulnerability in operating source software in the last 12 months.
This is a notable problem, because 80% of companies use open source software, and next year this percentage may reach almost all companies. Fortunately, only 1% say they are not concerned about security, which means that a very high percentage of companies are taking measures to protect themselves.
The survey also suggests that development-focused security and the authorization and training of developers to conduct security testing early in the software development cycle are growing among companies that are developing cloud-native applications. , 97% of organizations have experienced a security incident related to their cloud-native applications in the last 12 months.
Faster development cycles also mean more security concerns. 41% of application development teams and 45% of DevOps teams say developers frequently bypass established security processes, while 55% of application developers agree that security teams they should have more visibility into development processes.
