The 4 Factors leading
to vulnerable applications

The release of vulnerable applications creates significant risk. Despite this, 81% of DevOps teams admitted to knowingly releasing software they knew to be flawed. Our research asked hundreds of DevOps and Security teams at large organizations why this was:

Lack of Time & Resources: Security Teams

39%had enoughtime toshift left

Do you have enough timeto help the dev teamsecure applications?

66%
NO

Inadequate Training & Threat Intelligence

3 out of 4dev teams receive threat intelweekly or less

50%of orgs rely onclassroom training toupskill their devs

Disconnect: front-line workers & managers

Devs27%

Head of DevOps80%

Security Staff50%

CISO76%

*Percentage of 'yes' respondents

Is AppSec a critical part of your job?

Disconnect: security & dev teams

Do you believe yourapplicationscould withstand a targeted attack?

44%Security Staff Agree

66%Devs Agree

Immersive Labs empowers organizations to increase, measure and demonstrate human capabilities in every part of their cybersecurity.

Read the full report here

The 4 Factors leading
to vulnerable applications

Lack of Time & Resources: Security Teams

39%had enoughtime toshift left

Do you have enough timeto help the dev teamsecure applications?

66%
NO

Inadequate Training & Threat Intelligence

3 out of 4dev teams receive threat intelweekly or less

50%of orgs rely onclassroom training toupskill their devs

Disconnect: front-line workers & managers

Is AppSec a critical part of your job?

Disconnect: security & dev teams

Do you believe yourapplicationscould withstand a targeted attack?

44%Security Staff Agree

66%Devs Agree

Imperfect People, Vulnerable Applications

Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs

Analyzing the CVE-2021-40444 exploit

Take the power back: Tool-up against a notorious global threat group with our new FIN7 series

Episode 44: Rotten Apple or Privacy Nuts?

Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare

Kaseya supply chain attack: Prepare to respond with the Cyber Crisis Simulator

The 4 Factors leadingto vulnerable applications

Lack of Time & Resources: Security Teams

39%had enoughtime toshift left

Do you have enough timeto help the dev teamsecure applications?

66%NO

Inadequate Training & Threat Intelligence

3 out of 4dev teams receive threat intelweekly or less

50%of orgs rely onclassroom training toupskill their devs

Disconnect: front-line workers & managers

Is AppSec a critical part of your job?

Disconnect: security & dev teams

Do you believe yourapplicationscould withstand a targeted attack?

44%Security Staff Agree

66%Devs Agree

Imperfect People, Vulnerable Applications

Patch Newsday: 14 September 2021 – Lousy Browsers and Arsey RCEs

Analyzing the CVE-2021-40444 exploit

Take the power back: Tool-up against a notorious global threat group with our new FIN7 series

Episode 44: Rotten Apple or Privacy Nuts?

Patch Newsday 10 August: Ironic exploitation and the spectre of PrintNightmare

Kaseya supply chain attack: Prepare to respond with the Cyber Crisis Simulator

The 4 Factors leading
to vulnerable applications

66%
NO