Shift-Everywhere Is The Bullet Train To Secure Software
Application security is in the spotlight again this year, with continued breaches due to the vast attack surface that applications and their ecosystems provide. Attackers probe deployment infrastructure, development environments, open source dependencies, and shadow APIs looking for weaknesses. And as if that wasn’t enough to worry about, more enterprising attackers inject malicious code into the software supply chain.
But all is not lost. Security and development teams are strategically inventing preventive techniques and protection methods. The “shift everywhere” trend that Forrester identified in The State Of Application Security, 2022 continues. In our latest report, The State Of Application Security, 2023, we reviewed and analyzed our survey data to identify the key security trends of the year. Here are a few of the highlights:
- Application security budgets are increasing. Despite the ongoing economic downturn, 63% of security decision-makers reported that their application security budget will increase from 2022 to 2023. This should come as no surprise when the top global breaches in 2022 exposed over 1 billion customer records. Application security budget increases are even greater when an organization reports experiencing six or more breaches in the past 12 months.
- Software supply chains are coming under scrutiny. External breaches are most commonly caused by software supply chain exploits, and the percentage of open source code in applications is growing year over year. People in high places are starting to notice the impact that a software supply chain breach can have. In December 2022, the first US bill was passed with a software bill of materials (SBOM) provision, requiring an SBOM for FDA approval of medical devices. Savvy software composition analysis vendors are stepping up to generate SBOMs to account for this need.
- API security is the hot application security tool for 2023. While most people were celebrating the new year, T-Mobile experienced a breach that resulted in the theft of data belonging to 37 million customers. The cause of this breach? A bad actor was abusing an API. We expect to hear about more breaches from insecure APIs, with Salt Security reporting that malicious API traffic jumped 117% year over year. The good news? API security adoption is on the rise.
Want to learn more? Read our full report, The State Of Application Security, 2023, to review and understand the important security trends for 2023.
(written with Danielle Chittem, research associate)