The Intersection of AppSec and Compliance

In May 2021, the White House issued an Executive Order (EO) focused on improving the United States’ cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center.

Beyond this EO, various regulatory and industry guidelines and mandates either imply or point directly to building stronger AppSec programs to protect private consumer information. For example, the Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portability & Accountability Act (HIPAA), the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) all have expectations that drive towards the need for robust application security.

We wanted to better understand how organizations think about AppSec in this context. To that end, we surveyed 168 security and technology professionals globally, including 85 in the United States, on a range of topics including:

• Expectations regarding how the White House EO might impact AppSec for both government and commercial entities.
• Perspectives on the need for industry and governmental mandates – and penalties for non-compliance – to spur efforts to increase AppSec.
• The material impact compliance has on AppSec – both in terms of resources dedicated to such programs, as well as overall improvements in security.

The results of this study are available in a new research report published today by ZeroNorth – “Application Security, Executive Orders and Compliance.” To see the complete findings, you can read the report here.