This is year 12 of the WhiteHat Security Application Security Statistics Report, and for the first time in its history (and maybe all history) we are providing some real metrics around DevSecOps. Does taking this approach really make a difference when it comes to improving application security? Turns out, the answer is yes.
In the section of our new report titled “Case Study: Making the Case for DevSecOps”, we’ve profiled a Fortune 500 company (and WhiteHat customer) that has seen dramatic improvements in the security of their applications as a result of applying a DevSecOps approach. This organization identified the key cultural and technological differences and motivators across its security and development teams, and eventually designed and implemented an application security program that bridged these differences, fostering collaboration and a shared commitment to application security.
Critical vulnerabilities in applications in development and in production were resolved in a fraction of the time that it takes organizations that haven’t engaged DevOps teams in the security effort. For more on this, read our stats report and join us for a webinar next week titled “DevSecOps Blueprint: A Case Study on How a Fortune 500 Implemented DevSecOps”.
Besides the case study, we’ve also added new sections on SAST, on DAST and SAST in combination, and on mobile security. Our thanks to partner NowSecure, who provided the data for our mobile section, which offers insights into the top security issues and vulnerabilities by mobile application category for the Android and iOS platforms.
What you’ll find as you read this report is that there are still too many vulnerabilities in applications and it’s still taking too long to fix them. Almost half of all applications remain vulnerable on every single day of the year. But two things give us great hope:
Applications are literally at the core of our digital lives, so it’s more important than ever to ensure that enterprises of all types can provide safe digital experiences. We hope this report provides valuable insights and recommendations on how to secure the apps that drive your business.