2 min

As the software development life cycle becomes ever more complex and threats in the multi-cloud environment proliferate, security teams feel increasing pressure to tackle application security with more sophisticated tools and practice.

Application programming interfaces (APIs) represent a rapidly growing attack surface and an area where teams feel exceptionally vulnerable. Moreover, high-profile supply chain attacks have also become more
common as code bases now rely heavily on open-source components.

Data from Dark Reading’s recent survey on the state of code security indicates that many organizations are only beginning to shift their security postures in response to this landscape. While they’re well aware of software supply chain attacks and feel vulnerable in that regard, most have not yet adopted dedicated tools to test APIs or code dependencies.

That said, organizations are catching up fast. They’re making concrete plans to incorporate dynamic tools and software compositional analysis for open-source components. Most have already implemented DevSecOps or plan to within the next year, and many are concentrating their code security investments on building out cloud infrastructure to keep up with an increasingly more hybrid environment.

Most organizations are making these expansions by mixing and matching the best tools from a variety of vendors. In making these choices, they prioritize accuracy, depth of vulnerability coverage, and strong
integration with the existing developer workflow, so security concerns don’t slow down the demanding pace of application development. This expanding set of needs requires a smart partner and multi-pronged approach to keep up.

Robust application security deserves the attention to build a security posture that works for the long haul. Completing the form below, will give you access to the report with insights and takeaways on code security.