Strategies

Who Owns Application Security?

F5 Labs' Ray Pompon writes for Help Net Security, discussing the dismayingly low number of firms whose CISO owns application security.
October 11, 2018
1 min. read

In July 2018, F5 released its first annual Application Protection Report. As part of the report, F5 commissioned Ponemon to survey of 3,135 IT security practitioners across the world. The survey collected information about respondent’s application security processes. A key question asked for respondents to name their organization’s primary owner of application risk.

In theory, one would hope that the CISO was the number one answer by far. In reality, the CISO came in fifth place. The top owners of app security were: the CIO/CTO at 26%, Head of Application Development at 21%, and Business Units tying with “no one” at 18%. Surprisingly, CISOs received only 10% of the responses for the application security risk owner. The only choices lower than CISO were Compliance at 5% and Quality Assurance at 1%.

Read the full article published August 23, 2018 here: https://www.helpnetsecurity.com/2018/08/23/who-owns-application-security/ by Help Net Security.

Join the Discussion
Authors & Contributors
Raymond Pompon (Author)

More from Learning Center

Forward and Reverse Shells
Forward and Reverse Shells
09/15/2023 article 5 min. read
Web Shells: Understanding Attackers’ Tools and Techniques
Web Shells: Understanding Attackers’ Tools and Techniques
07/06/2023 article 6 min. read
What Is Zero Trust Architecture (ZTA)?
What Is Zero Trust Architecture (ZTA)?
07/05/2022 article 13 min. read