Lessons learned - Synopsys


Post on 03-Jun-2020


Lessons learned

The increase in cloud initiatives was especially sharp among organizations that had been attacked: from 59% in 2018 to 81% in 2019. Clearly, getting burned led these organizations to make security more of a priority.

Cloud security is better!

Those with a “distinct, specialized approach” to securing their cloud deployments jumped from 58% in 2018 to 72% in 2019.

Greetings From

Survey at RSA finds more than 90% making security a priority

At RSA Conference this year, we surveyed security professionals from a wide range of industries about application security.

More training: The percentage of organizations that realize cyber security training can be an effective way to create a culture of security is growing. Those with AppSec programs for developers, awareness programs for all employees, or both are 86%. Just 14% have no cyber security training program.

More good news!

21% Training for developers

19% Training for all employees

46% Training for both groups

14% No training program

That’s really good news!

Security still a priority: 92% have a dedicated internal or third-party application security team initiative, or a combination of the two. That’s the same as last year. Only 8% reported no formal application security program in place.

Customer security comes first

Securing customer data continues to be a high priority, with the percentage considering it critical increasing from 68% in 2018 to 72% in 2019.

Risky business

Respondents said the highest security risks to their organizations came from customer-facing web applications at 49% and internal business applications at 22%. They were much less concerned about mobile applications (15%) and embedded systems/IoT devices (14%).

Vulnerability management

What vulnerabilities were survey respondents most concerned about?

31% Proprietary code developed in-house

31% Open source components

22% Proprietary code developed by a third party

15% Misconfiguration vulnerabilities in cloud or containerized apps

1% Chip-level flaws or vulnerabilities

Organizations still under attack!

It should be no surprise that more than a third of respondents said their organizations had been targeted by a cyber attack within the past two years:

Yes: 37% No: 40% Don’t know: 23%

A common belief among development organizations is that security testing is too slow–leading them to take on increasing risk in their quest to decrease time to market. But modern AppSec platforms integrate multiple tools and services to build security in throughout the SDLC, from developer to deployment, without slowing you down. With the right tools, you can manage risk across your application portfolio with minimal impact to your release dates.

Ready to get started?

Read The CISO’s Ultimate Guide to Securing Applications

Roadblocks to implementing application security programs

40% Impact on agility and speed of application development/deployment

32% Lack of skilled security professionals

20% Budget constraints

8% Lack of executive sponsorship

The Synopsys difference

Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.

For more information, go to www.synopsys.com/software.

©2019 Synopsys, Inc. All rights reserved. Synopsys is a trademark of Synopsys, Inc. in the United States and other countries. A list of Synopsys trademarks is available at www.synopsys.com/copyright.html . All other names mentioned herein are trademarks or registered trademarks of their respective owners.