KUALA LUMPUR, May 14 (Bernama) -- Application security (AppSec) is emerging as a key consideration in purchasing decisions, with nearly half of chief information security officers (CISOs) confirming that buyers now prioritise secure software, according to a new report by Checkmarx.
Titled “A CISO’s Guide to Steering AppSec in the Age of DevSecOps”, the annual report is based on a global survey of 200 CISOs across various sectors, including banking and finance, media, insurance, manufacturing, and the public sector.
As applications become more complex—driven by AI, microservices, and hybrid architectures—development teams are increasingly responsible for embedding security directly into the software development process. Faster release cycles and growing codebases are prompting budget and decision-making authority to migrate from CISOs to developers.
Checkmarx Chief Product Officer Jonathan Rende emphasised this transition, noting that AppSec is no longer just a technical concern but a strategic, boardroom-level issue.
“As development teams take greater ownership, CISOs must focus on governance, strategy and collaboration to keep security outcomes on track,” he said in a statement.
A global leader in cloud-native application security, Checkmarx found that 49 per cent of respondents stated AppSec is regularly factored into customer purchasing decisions, while 24 per cent said it is “always” a consideration. The trend is most prominent in Europe (58 per cent), compared to the Asia Pacific (33 per cent) and North America (eight per cent).
The report also revealed a shift in security ownership. In software product companies, responsibility is divided, with 50 per cent of security oversight lying with CISOs, while 43 per cent has shifted to development teams. Additionally, 56 per cent noted their development teams are fully integrated with AppSec programmes.
Despite the growing importance of AppSec, the study found inconsistency in how security is reported at the executive level. While 62 per cent of CISOs present AppSec metrics to their boards, only 25 per cent link them to business outcomes such as brand reputation or regulatory exposure.
The survey, conducted in partnership with Global Surveyz, involved CISOs from companies generating over US$750 million in annual revenue and managing development teams of at least 180 members. (US$1=RM4.30)
-- BERNAMA