The 2023 State of Application Security report highlights key challenges and trends faced by security teams, including vulnerabilities, prioritization, and the importance of SBOMs. Major themes include maturity in AppSec practices, ongoing investment despite economic pressures, and the shift towards cloud deployment. #ApplicationSecurityMaturity #SBOM
Key points
- Annual cybersecurity vendor reports typically follow a common structure: executive summary, survey methodology, current threat landscape, best practices, investments, tools, deployment trends, prioritization, challenges, and emerging topics such as SBOMs, together giving a comprehensive overview of the cybersecurity landscape.
- Key statistics: 86% of security teams view their tools as interchangeable, placing process ahead of any individual tool, while 53% report unmanaged risks within their application portfolios, pointing to gaps in visibility and control.
- Notable trends include an increase in cloud application deployment (over 75% in the cloud for most organizations), ongoing challenges with vulnerability management and prioritization, and a persistent need for better integration and automation in AppSec workflows.
- Significant findings underscore that only 14% of organizations are considered leaders in AppSec maturity, with many still working towards baseline maturity levels, highlighting the continued evolution of security practices globally.
- The reports repeatedly stress the role of SBOMs in improving supply chain security, yet over 20% of organizations still do not use SBOMs, leaving clear room for improvement in software transparency and risk assessment.
- Overall, these reports underline recurring themes such as resource constraints, the importance of automation, shifting deployment environments, and the rising threat of supply chain attacks, which shape current and future cybersecurity strategies.
Source: Awesome Annual Security Reports - The reports in this collection are limited to content which does not require a paid subscription, membership, or service contract. (https://github.com/jacobdjwilson/awesome-annual-security-reports/)