IT and security pros view app security differently

A new report into corporate app security, conducted by runtime application security visibility and protection company Prevoty, shows significant discrepancies between IT and security professionals, when it comes to appsec.

The report, entitled The Real Root Cause of Breaches - Security and IT Pros at Odds Over AppSec, is based on a poll of more than 1,000 IT and security professionals, and says there are major divides in how these two groups handle app updates, appsec tuning and backlogging.

Half of IT professionals update an app every one to six months, while half (52 per cent) of security experts do it once a day, if not more. The report also says both groups spend significant amounts of time tuning appsec solutions – 80 per cent of security professionals’ time is devoted to this, and 40 per cent of IT pros’ time.

This means the groups are left with ‘very little time’ to do anything else, the report says.

When it comes to backlogging, security experts said to have up to 5,000 vulnerabilities backlogged, while IT pros – none.

“Attacks against web applications are rising dramatically, and protecting these applications continues to be a struggle,” said Prevoty CEO and Co-Founder Julien Bellanger. “It’s surprising to discover that so many IT professionals are uninformed about, or under-prioritizing, this phenomenon. Prevoty has been protecting applications against millions of monthly attacks in our three years of production. Bridging the gap between Security and IT professionals is critical to take application security to the next level.”

Image source: Shutterstock/Titima Ongkantong