We took the opportunity at RSA Conference last month to survey our booth visitors about their organizations’ application security programs. We’ve sponsored and conducted a number of surveys on topics ranging from DevSecOps to open source security to medical device security, but there’s something about collecting feedback from conference attendees in person that really hits home—a glimpse into security IRL, if you will.
Most attendees (78%) reported direct roles in cybersecurity, risk management or software engineering, representing a wide range of industries. Some of the findings were far from unexpected. For example, 40% of respondents cited a lack of skilled security professionals as the biggest challenge in implementing their application security programs. We also found that a startling number of respondents didn’t even know whether their organizations were the target of a cyber attack in the last two years.
Other results were surprising: Less than 10% felt that mobile apps or IoT devices presented a critical security risk to their business, compared to web or internal business applications. In our recent Open Source Security and Risk Analysis, we found the highest number of open source vulnerabilities in IoT applications—an average of 677 open source vulnerabilities in each app. That alone should be cause for concern when it comes to IoT security risk.
Want to see the rest of the results? Check out our infographic to learn what RSA Conference attendees shared about real-world application security initiatives, approaches, and challenges.
How well do these results reflect what you see in your organization, industry, and field? We’d love to know more about what security IRL looks like for you. If your organization is struggling to find the skilled security professionals needed to address your security concerns, we can help fill the gap with our service offerings.