Software security trends from experts at Infosec Europe 2019

Top software security trends for 2019, based on our annual survey at Infosec Europe, include growing concerns for data protection and regulatory compliance.

At Infosecurity Europe this year, we conducted our annual survey of attendees to uncover the latest software security trends, including what they’re concerned about and what they’re doing about it. Read on for our analysis, or download the PDF version.

Software Security Experts Speak Out at Infosec

Who’s talking

We surveyed security and software engineers from the tech, finance, and security industries at Infosecurity Europe 2018 and 2019.

What they’re saying

Critical security concerns

Protecting customer data and maintaining business operations remain top of mind in 2019. But regulatory compliance is of growing concern. Overall, the 2019 respondents considered each of the four issues as more important than did the 2018 respondents. There’s a clear trend regarding software security concerns: Organizations are more worried about everything.

Protecting customer data: 60% (2018), 69% (2019)
Maintaining business operations: 57% (2018), 68% (2019)
Regulatory compliance: 51% (2018), 64% (2019)
Protecting internal IP: 43% (2018), 55% (2019)

GDPR compliance

GDPR legislation has had an obvious impact over the past year. The growing number of organizations that maintain compliance with this privacy regulation is one of the more positive software security trends we discovered.

My organization is GDPR compliant: 44% (2018), 88% (2019)

Security program challenges

Respondents pointed to the same three main roadblocks to implementing application security programs in both 2018 and 2019. It seems that while these challenges aren’t getting worse, organizations aren’t making much headway in resolving them either.

Perceived impact on speed of development/deployment: 33% (2018), 31% (2019)
Lack of skilled professionals: 30% (2018), 31% (2019)
Budget constraints: 29% (2018), 31% (2019)

Security and awareness training

Another positive software security trend revealed in our survey relates to training. Some organizations offer only application security training for developers. Others offer only cyber security awareness training for all employees. But many more organizations now see the value of both types of programs. It’s a trend we hope continues in the same direction.

We have both types of programs: 35% (2018), 48% (2019)

Riskiest applications

Respondents in 2019 again told us that customer-facing web applications pose the highest security risk to their organizations. This statistic has hardly changed since our survey in 2017, when it was 48%. A number of reports in recent years have confirmed that web apps are the No. 1 attack surface, so it’s no surprise that organizations are worried about protecting web apps from hackers.

Customer-facing web applications: 44% (2018), 45% (2019)
Internal/business applications: 29% (2018), 28% (2019)

Riskiest vulnerabilities

Our survey suggests a possible trend in what software security professionals consider the riskiest vulnerabilities. In 2019, more respondents thought that either cloud and container misconfigurations or vulnerabilities in open source components pose the most risk. The upward trend in both these areas is backed up by recent reports showing that cloud security is a growing concern, and organizations are using more open source components than ever.

Misconfiguration vulnerabilities in cloud/containerized apps: 25% (2018), 27% (2019)
Vulnerabilities in OSS components: 22% (2018), 24% (2019)
Vulnerabilities in in-house proprietary code: 20% (2018), 20% (2019)

What to learn from these software security trends

Many development organizations believe that security testing is too slow—leading them to take on increasing risk in their quest to decrease time to market. But modern AppSec platforms integrate multiple tools and services to build security in throughout the SDLC, from developer to deployment, without slowing you down. With the right tools, you can manage risk across your application portfolio with minimal impact to your release dates.

*** This is a Security Bloggers Network syndicated blog from Software Integrity Blog authored by Synopsys Editorial Team. Read the original post at: