Software Integrity Blog

 

Software security trends from experts at Infosec Europe 2019

Top software security trends for 2019, based on our annual survey at Infosec Europe, include growing concerns for data protection and regulatory compliance.


At Infosecurity Europe 2019, we conducted our annual survey of attendees to uncover the latest software security trends, including what they’re concerned about and what they’re doing about it. Read on for our analysis, or download the PDF version.


Software Security Experts Speak Out at Infosec

Who’s talking

We surveyed security and software engineers from the tech, finance, and security industries at Infosecurity Europe 2018 and 2019.

What they’re saying

Critical security concerns

Protecting customer data and maintaining business operations remain top of mind in 2019. But regulatory compliance challenges are of growing concern. Overall, the 2019 respondents considered each of the four issues as more important than did the 2018 respondents. There’s a clear trend regarding software security concerns: Organizations are more worried about everything.

| Concern | 2018 | 2019 |
| --- | --- | --- |
| Protecting customer data | 60% | 69% |
| Maintaining business operations | 57% | 68% |
| Regulatory compliance | 51% | 64% |
| Protecting internal IP | 43% | 55% |

GDPR compliance

GDPR legislation has had an obvious impact over the past year. The growing number of organizations that maintain compliance with this privacy regulation is one of the more positive software security trends we discovered.

| Statement | 2018 | 2019 |
| --- | --- | --- |
| My organization is GDPR compliant | 44% | 88% |

Security program challenges

Respondents pointed to the same three main roadblocks to implementing application security programs in both 2018 and 2019. It seems that while these challenges aren’t getting worse, organizations aren’t making much headway in resolving them either.

| Challenge | 2018 | 2019 |
| --- | --- | --- |
| Perceived impact on speed of development/deployment | 33% | 31% |
| Lack of skilled professionals | 30% | 31% |
| Budget constraints | 29% | 31% |

Security and awareness training

Another positive software security trend revealed in our survey relates to training. Some organizations offer only application security training for developers. Others offer only cyber security awareness training for all employees. But many more organizations now see the value of both types of programs. It’s a trend we hope continues in the same direction.

| Statement | 2018 | 2019 |
| --- | --- | --- |
| We have both types of programs | 35% | 48% |

Riskiest applications

Respondents in 2019 again told us that customer-facing web applications pose the highest security risk to their organizations. This statistic has hardly changed since our survey in 2017, when it was 48%. A number of reports in recent years have confirmed that web apps are the No. 1 attack surface, so it’s no surprise that organizations are worried about protecting web apps from hackers.

| Application type | 2018 | 2019 |
| --- | --- | --- |
| Customer-facing web applications | 44% | 45% |
| Internal/business applications | 29% | 28% |

Riskiest vulnerabilities

Our survey suggests a possible trend in what software security professionals consider the riskiest vulnerabilities. In 2019, more respondents thought that either cloud and container misconfigurations or vulnerabilities in open source components pose the most risk. The upward trend in both these areas is backed up by recent reports showing that cloud security is a growing concern, and organizations are using more open source components than ever.

| Vulnerability type | 2018 | 2019 |
| --- | --- | --- |
| Misconfiguration vulnerabilities in cloud/containerized apps | 25% | 27% |
| Vulnerabilities in OSS components | 22% | 24% |
| Vulnerabilities in in-house proprietary code | 20% | 20% |

What to learn from these software security trends

Many development organizations believe that security testing is too slow—leading them to take on increasing risk in their quest to decrease time to market. But modern AppSec platforms integrate multiple tools and services to build security in throughout the SDLC, from developer to deployment, without slowing you down. With the right tools, you can manage risk across your application portfolio with minimal impact to your release dates.
