Skip to main content
April 18, 2015

Study: Risk Visibility Gap

Enterprises around the world rely on web and mobile apps to do business, yet basic security assessments of these applications are not consistently done. In a study we commissioned through IDG, more than 300 IT managers from the US, UK and Germany, were interviewed about their application security programs and processes. The results? Most enterprises aren‘t assessing for critical, commonly exploited vulnerabilities.

Web applications seem to be the largest catagory to suffer from this negative trend, even though they represent the majority of the world's developed applications.

Worse, enterprises across the US, UK and Germany leave 62 percent of all their web and mobile applications unaudited for critical vulnerabilities such as SQL injection and cross-site scripting.

The third of enterprises that did assess applications during development, leveraged both binary static and dynamic analyses.

Of the enterprises currently using some form of analyses, most plan on expanding their programs within the next 12 months.


Related Content

Eric manages global public relations at Veracode. In this role, he manages all facets of the company’s PR efforts. He brings more than 13 years’ experience in the industry. Prior to Veracode, Eric ran public relations activities for CyberArk across the US, EMEA and APJ.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.