"Inadequate Tools Leave Appsec Fighting an Uphill Battle for Cloud Security"
According to Backslash Security, AppSec teams are struggling to keep up with the increasingly rapid and agile development pace, and playing security defense through a continuous and unproductive vulnerability hunt. Fifty-eight percent of respondents spend over 50 percent of their time hunting vulnerabilities, with 89 percent spending at least 25 percent of their time in this defensive mode. The annual cost of employing AppSec engineers who hunt for vulnerabilities rather than manage a comprehensive cloud-native AppSec program is estimated to be about $1.2 million. Given the accelerated pace of digital innovation across all enterprise sizes and the blurred lines between AppSec and CloudSec, enterprise AppSec teams are burdened with solutions that have yet to catch up to the cloud's speed. Therefore, AppSec professionals are losing confidence in the prevalent AppSec tools. The lack of cloud-native AppSec tools has a wide-ranging impact on nearly all organizations, including increasing friction between AppSec and development teams (39 percent), putting the ability to generate revenue at risk (39 percent), and an inability to retain high-value development talent (38 percent) and AppSec talent (35 percent). This article continues to discuss key findings from Backslash Security's report on AppSec teams being stuck in a catch-up cycle.