New study from Bugcrowd and Enterprise Strategy Group highlights increased reliance on crowdsourced security platforms and DevSecOps for greater application security
Bugcrowd, the #1 crowdsourced security company, today released Security Leadership Study – Trends in Application Security. Developed in conjunction with Enterprise Strategy Group (ESG), a leading security industry analyst firm, this survey of 200 CISOs and cybersecurity decision makers in the United States and Canada evaluates the current state of application security, underscoring the importance of next-generation crowdsourced approaches and DevSecOps to quickly find and fix vulnerabilities.
“The scope of cybersecurity continues to expand as attackers and defenders develop new strategies and tactics in response to the ongoing broad adoption of the cloud and mobile,” said Doug Cahill, senior analyst at ESG. “As attack surfaces expand and adversaries gain additional opportunities for penetration, security leaders are looking to crowdsourced security platforms, like Bugcrowd, that can effectively scale in the same continuous nature as the development process.”
Key findings of the Security Leadership Study – Trends in Application Security report include:
- Crowdsourced Security Making Waves: Nearly 90 percent of companies surveyed are already running, plan to run in the next 12 months, or are interested in running a crowdsourced security program at some point, indicating a growing acceptance of and reliance on nontraditional methods for defense.
- Underprotected Apps Causing Heartburn for Large Organizations: Large enterprises (more than 2,500 employees) typically operate a high number (over 1,300) of complex applications but only protect 60 percent of them, leaving more than 500 applications unprotected at a time when adversarial attacks are increasing.
- Crowdsourced Security Delivering ROI: Companies find the top benefits of crowdsourced cybersecurity are paying for valid results rather than effort or time (44 percent), reflecting a strong ROI value proposition, and the continuous coverage of applications (42 percent), a nontrivial benefit given the ongoing proliferation of applications in today’s software-driven economy.
- New Acceptance of Complementary Approaches to Security: A majority of security leaders see room to add a continuous crowdsourced security penetration testing program to their traditional point-in-time penetration testing efforts – with 60 percent calling next-generation penetration testing complementary for companies to find and fix vulnerabilities faster.
- Security Collaboration Powers a DevSecOps World: More than 80 percent of companies are planning to integrate cybersecurity processes and controls in the continuous integration and continuous delivery (CI/CD) processes of a DevOps approach (i.e., DevSecOps) for more conducive collaboration.
“The increasing number of unfilled cybersecurity jobs and the pressure to bring products to market faster have contributed to the growing and under-defended attack surface,” said David Baker, chief security officer at Bugcrowd. “Our latest survey with ESG underscores how crowdsourced cybersecurity is quickly becoming a foundational element of any organization’s cybersecurity program.”
Founded in 2012, Bugcrowd was the first company to offer managed bug bounty, vulnerability disclosure, and next-gen penetration testing to customers in more than 50 industry sectors in over 30 countries. As a result, more leading companies around the world, including Atlassian, Fitbit, Jet.com, NETGEAR, Square, HP, Mastercard, and others, trust Bugcrowd for crowdsourced security. Bugcrowd’s holistic approach to crowdsourced security provides customers actionable intelligence to measure success, multiply impact, and bring more secure products to market.