AppSec teams face mounting challenges
Backslash Security has recently released a new research study.
I would like to walk through a few results of the survey and address the issues across the cloud-native streams.
Ref: AppSec report
Digital transformation has matured, with 47% of enterprises now pushing code into production at least once daily.
Cloud-native applications commonly come with a modern CI/CD pipeline for application development and infrastructure (IaC tools), and with microservices. Each microservice goes to production without impacting other services, has fewer dependencies on other services, and allows seamless changes to the infrastructure.
The next two leading complaints, “Critical alerts are being ignored” (41%), and “Teams can’t handle all high-risk alerts” (37%), are closely tied to the aforementioned problems associated with priority and noise.
When AppSec teams are overwhelmed with noise and stuck spending most of their time sifting through alerts and vulnerabilities, they are left with little time or ability to address the alerts that truly matter.
Imagine you have 1000 papers to look at and review/approve. What you will need to do is prioritise them first and then take care of them based on…