Navigating the AppSec Landscape: Insights from the Latest ESG eBook
In the race to boost productivity and maintain a competitive edge, organizations are modernizing their application development processes at an unprecedented pace. As new technologies enable faster software releases with greater volume, security teams face mounting pressure to keep up. The speed at which development scales often leads to mistakes, creating vulnerabilities that could expose software to threats.
Traditional application security methods, unfortunately, tend to disrupt these faster workflows, slowing down progress. Security teams need a more modern approach—one that integrates seamlessly into the software development lifecycle (SDLC) and supports business growth, even as development efforts expand.
To provide insights into the shifting landscape of application security, TechTarget’s Enterprise Strategy Group (ESG) has run a survey and published a new eBook titled "Modernizing Application Security to Scale for Cloud-Native Development."
Key Findings from the ESG eBook
Based on a survey of 350 IT, cybersecurity, and application development professionals in North America, the ESG report highlights several critical findings:
Generative AI Adoption
Nearly 97% of organizations are currently using or considering GenAI tools to enhance development speed. While these tools can significantly boost productivity by automating tasks and accelerating coding processes, their rapid integration also poses unique security challenges.
As development cycles become faster, security teams must also adapt by prioritizing critical issues and reducing false positives to prevent security debt from growing. This widespread adoption signals the need for security teams to explore how GenAI can enhance their workflows, automate security processes, and future-proof the organization against AI-related vulnerabilities.
Open Source on the Rise
With 94% of organizations already using or planning to incorporate open-source components in their software development, open source is becoming an integral part of modern development. Open-source tools offer cost efficiency, flexibility, and faster innovation cycles. However, they also present unique security risks, such as unpatched vulnerabilities, malicious dependencies, or compromised libraries that can introduce threats into the software supply chain.
As open-source usage grows, the risk of software supply chain attacks increases, since attackers may target a single third-party component to compromise many organizations at once. To mitigate these risks, security teams must implement robust vulnerability management strategies, ensure continuous SBOM monitoring, and apply strict controls over dependencies in CI/CD pipelines to keep the attack surface contained. This will minimize risk, protect the integrity of the software supply chain, and improve trust in these widely used components.
DevSecOps Growth
DevSecOps adoption is projected to grow from 38% to 48% over the next 24 months, reflecting a clear trend toward embedding security into the development pipeline. This move toward "shift-left" practices empowers developers to address security issues early in the development cycle, reducing costs and time-to-fix while enhancing overall application security.
Automating and orchestrating DevSecOps workflows within the CI/CD pipeline eliminates manual processes and cumbersome cross-team handoffs, enabling organizations to run their DevSecOps processes at enterprise scale. As more organizations integrate security into their DevOps workflows, it becomes critical for security teams to foster collaboration between development, operations, and security, ensuring a seamless flow of secure code into production while responding to threats in real time.
AppSec Challenges
A notable 42% of security teams struggle to measure and improve their AppSec program’s effectiveness, while 32% find it difficult to correlate results from multiple testing tools. Additionally, 38% face challenges gaining visibility into the attack surface from code development to production.
These challenges highlight the complexity of managing modern AppSec programs, where fragmented toolsets and inconsistent metrics can lead to blind spots and inefficiencies. Organizations must focus on streamlining security processes, integrating tools, and establishing clear visibility across the application lifecycle to close security gaps and ensure a proactive defense against emerging threats.
Modernizing AppSec Strategy
A staggering 98% of organizations are actively seeking to modernize their AppSec programs, with 56% preferring best-of-breed approaches to tooling. The drive to modernize is fueled by the increasing complexity of applications and the evolving threat landscape, which demands more agile, comprehensive security solutions.
A best-of-breed strategy enables organizations to customize their security stack, ensuring they use the most effective tools for their specific needs, and maintain flexibility as their environments change. However, it also requires careful orchestration to avoid tool sprawl and ensure seamless integration. This underscores the need for independent governance platforms and streamlined workflows that keep processes and posture consistent no matter which technologies or tools the organization uses today or adopts in the future.
This new ESG research report, authored by Melinda Marks and David Vance, offers a comprehensive look at the current state of application security.
Melinda Marks, practice director, cybersecurity, Enterprise Strategy Group, explains, “As organizations are investing in DevSecOps initiatives and modernizing their application security programs, ASPM solutions can provide a vendor-independent governance layer needed by teams to improve visibility, manage risk, and gain the context and efficiency needed to focus remediation actions on what matters most. Any medium to large enterprise has multiple scanning tools using different programming languages, so a vendor-independent governance layer can better orchestrate application security testing within developer workflows, while providing security teams with the control and visibility they need to support scale.”
Download this latest research from ESG to explore all the findings and gain a deeper understanding of the evolving AppSec landscape.
ArmorCode ASPM
ArmorCode’s AI-powered ASPM Platform is designed to help you modernize your AppSec strategy, addressing challenges such as GenAI adoption, DevSecOps growth, and the measurement and visibility struggles security teams report, all while supporting a best-of-breed approach with independent governance.
ArmorCode helps you stop chasing vulnerabilities and start reducing risk. It can integrate with any scanner, creating a unified understanding of risk across your applications and infrastructure, leveraging intelligent risk scoring to prioritize your critical risks, and orchestrating security workflows with developers to remediate issues efficiently at scale.
To see ArmorCode for yourself and find out how an ASPM platform can address the AppSec challenges that ESG illuminates in this research, take a self-guided tour.