IBM and Black Duck Software Infographic: Application Security – The Changing Attack Surface

Application Security: THE CHANGING ATTACK SURFACE

A GREATER PERCENTAGE OF SOFTWARE CODE IS OPEN SOURCE

Chart legend: Custom Code, Open Source Code. Open source share of software code by year:

• 1998: 5%-10%

• 2008: 30%-50%

• 2016: 60%-80%

SOURCE: BLACK DUCK SOFTWARE

6,000 new open source vulnerabilities have been reported since 2014

SOURCE: NATIONAL VULNERABILITY DATABASE

84% of all cyber attacks happen on the application layer

SOURCE: SAP

SECURITY INVESTMENT PRIORITIES DO NOT MATCH THREATS

Chart comparing Security Risk and Spending across six layers: Network Layer, Application Layer, Data Layer, Physical Layer, Host Layer, Human Layer.

Application Security Faces Most Threats

But Network Security Attracts the Highest Investment

SOURCE: PONEMON INSTITUTE STATE OF APPLICATION SECURITY RISK MANAGEMENT REPORT

Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, open source license compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in San Jose, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com

AS THE APPLICATION SECURITY THREAT LANDSCAPE CHANGES, INVESTMENT PRIORITIES MUST FOLLOW SUIT

• Open source use continues to grow rapidly and comprises up to 80% of an application’s code, significantly increasing the security and management challenges organizations must overcome

• Application security attack vectors have grown in scope and reach with the advent of the internet, cloud computing, mobile access and the Internet of Things (IoT)

• Security investment priorities must shift to the application layer in order to address growing risks, including those posed by known open source security vulnerabilities

EXPANDING SECURITY RISKS

Timeline graphic: 1998, 2008, 2016

SOURCE: INDUSTRY ESTIMATE