According to the report, over 70% of the surveyed respondents said that automated scanning of code for vulnerabilities or coding flaws—static application security testing (SAST)—was a useful security measure. SAST was closely followed by interactive application security testing (IAST) with 69%, software composition analysis (SCA) with 68%, and dynamic application security testing (DAST) with 67%.
When asked 'how do development, operations, and security teams really feel about the application security testing (AST) tools they use?', all but 3% of the 1,000 respondents—all of whom hold roles in application/software development with a focus on cybersecurity—had major issues with the application security tools (AST) they use. In fact, the respondents were pretty evenly split across the board about the issues with their tools. As seen in the graphic below, the highest issue is separated from the lowest by only a few percentage points.
Challenges became even more apparent when respondents provided their answers to the query below