Curated from Latest from TechRadar US in News,opinion — Here’s what matters right now:
For many years, application security (AppSec) occupied a small technical niche within cybersecurity and was rarely seen as a critical boardroom-level priority. Today, though, we can see awareness shifting. In recent research conducted by Checkmarx, nearly half of CISOs said they believe buyers now factor AppSec into purchasing decisions, showing its increased strategic weight in business operations.

Yet there’s still a stark disconnect between how AppSec is seen and how it’s put into practice. Just 39% of respondents felt that their business operations currently run on secured applications. With AppSec now recognized as critical to business resilience, it often falls short in execution. To close the implementation gap, CISOs must lead a charge in rethinking governance, culture, and scale.

AppSec ownership is shifting but visibility is suffering

As software development cycles accelerate and architectures grow more complex, security responsibilities are moving closer to the code, and in nearly half of software-based companies, security oversight has moved outside the CISO’s office. Instead, our research found that development or product teams are now just as likely to own AppSec decisions. This shift makes operational sense: embedding security earlier in the SDLC enables scalable protection without sacrificing delivery speed, but it can introduce visibility gaps across teams and pipelines.

Decentralizing AppSec typically introduces fragmentation. On average, organizations juggle more than 11 security tools, many of which are not integrated into a coherent workflow. Without central oversight, CISOs risk losing track of how security is being applied - or where it’s falling short. Inconsistent practices, “shadow security” workarounds, and gaps in coverage become more likely when security policies aren't uniformly applied.

This shift also alters the flow of influence within the company. Developers increasingly have veto power over tools that interrupt their workflows, which means security can take a back seat if the two teams aren’t able to collaborate effectively. If AppSec is to scale effectively, governance must evolve along with it. That means enabling secure practices without enforcing bottlenecks and without losing visibility in the process. CISOs have a critical role to play here, ensuring that security is implemented smoothly as a set of guardrails rather than roadblocks.

DevSecOps maturity remains low

Despite the push for “shift left” practices and the proliferation of AppSec tools, most organizations lack maturity in their security integration. Of the CISOs in our research just 20% reported “high” or “very high” DevSecOps maturity. Meanwhile, 70% said that at least half of their applications still lack adequate security coverage. This is an alarmingly high figure when considering how important applications have become to most operations.

Part of the problem is that early-stage security integration doesn’t extend far enough. Many teams focus
Original reporting: Latest from TechRadar US in News,opinion