A survey of 275 security professionals revealed that customer-facing web applications are the top security concern, while data breaches and GDPR compliance remain critical issues. Open source software is widely used but contains many unpatched vulnerabilities, highlighting the risks of third-party code. Organizations face challenges such as skilled labor shortages and budget constraints in securing their applications, emphasizing the need for effective application security solutions.

1. of respondents had a direct
or adjacent role in cyber
security, risk management,
or software engineering.
of their organizations had a formal
application security process in place.
GDPR, data security, and data privacy
But of those who had,
would be in violation
of GDPR if the breach
happened today.
73%
had not
suffered a
data breach
in the last
two years.
At Infosecurity Europe in June, we
surveyed 275 attendees to get the pulse
of top concerns in Europe today.
Where’s the risk?
For the second consecutive year,
almost half of respondents (44%)
highlighted customer-facing web
applications as their top concern.
Only 12% were most concerned
about IoT devices.
44%
29%
15%
12%
But our recent Open
Source Security and
Risk Analysis
(OSSRA) tells a
different story about
IoT risk. On average,
IoT codebases
contain 77% open
source components...
77%
open source
components
...and have a
whopping
vulnerabilities
each!
44%
Where’s the highest risk?
27%
25%
22%
Third-party proprietary code
Misconfiguration in cloud or containerized
applications
Open source software components in the
applications their organizations develop or use
Most organizations don’t know what’s in their third-party code. Open source is
ubiquitous, as are unpatched open source vulnerabilities. Do your vendors have
an automated method to manage and secure their open source?
96%
of all applications
use open source.
They have an average of
unique open source
components.
257
64%
90%
GDPR came into effect in May 2018, and data breaches
dominate the news.
What are the biggest AppSec challenges today?
33%
30%
29%
The impact of security on development agility
and speed
A lack of skilled professionals
Budget constraints
Application security is complex,
and the stakes are high
In this new era of data privacy, heralded by GDPR, protecting user data from breaches
is more critical than ever. Data breaches affecting customers by the millions top the
news weekly, if not daily—and the consequences aren’t insignificant.
Are you prepared?
677
Customer-facingweb
applications
Internal/business
applications
Mobile
apps
IoT
devices
The Synopsys difference
Synopsys helps development teams build secure, high-quality software, minimizing risks while maximizing speed and
productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and
dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source
components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys
helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle.
For more information, go to www.synopsys.com/software.
Find out