Conviso released the results of the survey “The scenario of the Brazilian Application Security market in 2022”. With the goal of studying and documenting the development of the AppSec industry, the report consolidates the answers of professionals such as information security analysts and developers from Brazilian companies of all sectors and sizes – who deal with sensitive user data.
You can also listen to this article:
One of the biggest findings of the report is that around 90.9% of the professionals understand that the responsibility for ensuring application security belongs to everyone involved in the process. The report also points out that 61.6% of respondents indicate that their companies have a specific sector for AppSec.
Compared to the study released by Conviso in 2020, there has been a 10% growth in the last 2 years, which indicates an advance in awareness of the importance of security steps during application creation.
When asked “does the company you work for have sufficient and/or satisfactory knowledge about AppSec?”, 54.5% say that the company they work for is investing in improvements in this regard. Another 21.2% answered no. Only 18.2% answered yes.
Regarding priorities when it comes to investing in AppSec, investing in AppSec training appeared as the first priority – with 26.3% of the answers, followed by investing in tools, with 14.1%. In 2020, 37.5% of respondents also reported prioritizing investments in training. The intentions of investing in tests has also decreased: in 2020, 25% of respondents prioritized it, against 13% in 2022.
According to Rodrigo Maués, Tech Lead in Conviso’s Consulting team, the results show that we are in the process of understanding the importance of best practices in secure development. “Even though the scenario is already very different from what it was a few years ago, we need to evolve in the application security culture. It’s important to look at maturity models and understand that they are not ‘locks’ and that they can be adapted to work with agile models. This will lead to better clarity on many aspects of AppSec, both for development and security teams, but as well as for business teams”, he warns.
“But it is important to note that we still have improvements for the industry. I am very satisfied with the result and this can show that our market is indeed maturing and understanding the value of delivering secure software”.