In light of SolarWinds and other high-profile attacks involving the software supply chain, security teams are increasingly scrutinizing the security of their off-the-shelf software. A recent Dark Reading survey of 173 IT and cybersecurity professionals identified different types of risk to enterprise application security, including attackers with deep knowledge of application vulnerabilities, developers untrained in secure coding practices, outsourced applications, and poorly secured infrastructure.
Dark Reading’s “How Enterprises Are Developing Secure Applications” report shows that attitudes about application security risks remain largely unchanged in 2021 compared to 2020, despite the broad disruptions to IT operations associated with the shift to remote work and the restrictions associated with the global COVID-19 pandemic. For instance, 34% of respondents in the 2021 survey, compared with 35% last year, say the greatest risk to the security of their application environment is attackers with a deep knowledge of how to exploit app vulnerabilities, and 27% are worried about security issues tied to outsourced applications, compared to 25% last year.
Respondents are more worried about two issues this year than last: outsourced applications and poorly secured infrastructure. Even so, the difference is not large: 27% of respondents say outsourced applications pose risks to the organization’s application security in 2021, compared to 25% in 2020, and 24% are worried about poorly secured infrastructure in 2021, compared to 21% in 2020. Respondents appear to be less worried about some issues, such as the adequacy of developer security training, DevOps practices, and management support for application security. In 2021, just 30% of respondents say they are worried about developers untrained in security, compared to 38% who said the same in 2020.