A recent report by Cycode reveals that a majority of CISOs believe that application security attack surfaces are unmanageable, leading to vulnerability noise and alert fatigue [1] [3]. The report also highlights the need for better collaboration between security and development teams.


Based on a survey of 500 US CISOs [2], AppSec Directors [1] [2] [3], and DevSecOps team members [1] [2], the report by Cycode indicates that 78% of CISOs find today’s application security attack surfaces to be unmanageable. This results in vulnerability noise and alert fatigue [1], causing developers to overlook critical vulnerabilities. Additionally, 90% of respondents feel that there is room for improvement in the relationships between security and development teams [4] [5] [6]. The report also reveals that 77% of CISOs consider software supply chain security a bigger blind spot than emerging technologies. Furthermore, 75% of security professionals struggle with managing multiple security tools [4].

The report predicts that by 2026, over 40% of organizations developing proprietary applications will adopt Application Security Program Management (ASPM) [1]. In response to these challenges, 92% of CISOs plan to consolidate their application security tools into a single platform within the next year [4]. Cycode [1] [2] [3] [4], a company specializing in ASPM [1], offers a comprehensive solution that consolidates AppSec tools into a single platform [1]. It also provides an integration platform that allows companies to connect their existing AppSec tools for real-time visibility into their security posture [1]. Cycode’s approach to ASPM addresses the criticality of software supply chain security [1].


The report emphasizes the need for better coordination between developers and security teams to maintain a strong application security posture [1]. It highlights the impacts of unmanageable attack surfaces, vulnerability noise [1] [3], and alert fatigue [1] [3] [4] [6]. To mitigate these challenges, organizations are increasingly adopting ASPM and consolidating their application security tools. This trend indicates a growing recognition of the importance of software supply chain security. Looking ahead, the report suggests that the adoption of ASPM will continue to increase, with over 40% of organizations expected to adopt it by 2026.


[1] https://vmblog.com/archive/2023/12/06/cycode-releases-state-of-aspm-report-shows-77-of-cisos-believe-software-supply-chain-security-is-a-bigger-blind-spot-than-generative-ai.aspx
[2] https://www.infosecurity-magazine.com/news/cisos-concerned-appsec/
[3] https://securityboulevard.com/2023/12/introducing-the-state-of-aspm-2024-report/
[4] https://www.globenewswire.com/news-release/2023/12/06/2791811/0/en/Cycode-Releases-State-of-ASPM-Report-Shows-77-of-CISOs-Believe-Software-Supply-Chain-Security-Is-a-Bigger-Blind-Spot-Than-Generative-AI.html
[5] https://www.sdcexec.com/safety-security/risk-compliance/news/22881091/cycode-77-of-cisos-believe-software-supply-chain-security-is-bigger-blind-spot-than-generative-ai
[6] https://finance.yahoo.com/news/cycode-releases-state-aspm-report-140000439.html