Outsourced software poses greater security risks to enterprise applications

In light of SolarWinds and other high-profile attacks involving the software supply chain, security teams are increasingly examining the security of their off-the-shelf software. A recent Dark Reading survey of 173 IT and cybersecurity professionals identified different types of enterprise application security risks, including attackers with in-depth knowledge of application vulnerabilities, developers not trained in secure coding practices, outsourced applications and poorly secured infrastructure.

Dark Reading’s “How Companies Build Secure Applications” report shows that attitudes towards application security risks remain largely unchanged this year from 2020, despite the widespread disruptions to IT operations associated with the shift to remote work and the restrictions associated with the global COVID-19 pandemic. For example, 34% of respondents in the 2021 survey said hackers with deep knowledge of how to exploit application vulnerabilities pose the greatest security risk to their application environments, compared to 35% last year, and 27% are worried about security issues related to outsourced applications, compared to 25% last year.

Respondents also indicated that they were slightly more concerned about risks from outsourced applications and poorly secured infrastructure this year than they were last year. Twenty-seven percent said outsourced applications pose security risks to the organization’s applications in the 2021 survey, up from 25% in 2020, and 24% are concerned about insecure infrastructure in 2021, up from 21% in 2020. In other areas, respondents seem less worried, at least about proper developer security training, DevOps practices, and management support for application security. In the 2021 survey, only 30% of respondents said they were worried about developers untrained in security, compared to 38% who said the same in 2020.
