Checkmarx

31 STATS3 REPORTS

Reports

The Future of AppSec in the Era of AI12 statsA CISO’s Guide to Steering AppSec in the Era of DevSecOps10 statsDevSecOps Evolution 20259 stats

All Statistics

Fewer than half of the CISOs, AppSec managers and developers report deploying foundational security tools like dynamic application security testing (DAST) or infrastructure-as-code scanning.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIDASTInfrastrucutre-as-code scanning

Just 51% of North American organisations report adopting DevSecOps

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIDevSecOps

Only half of organisations surveyed actively use core DevSecOps tools.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIDevSecOps

34% of CISOs, AppSec managers and developers admit that more than 60% of their code is AI-generated.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIAI coding assistant

98% of organisations experienced a breach stemming from vulnerable code in the past year.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIVulnerable codeBreach

Within the next 12 to 18 months, nearly a third (32%) of CISOs, AppSec managers and developers expect Application Programming Interface (API) breaches via shadow APIs or business logic attacks.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIAPIShadow APIsBusiness logic attackBreach

Only 18% of organisations have policies governing AI use.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIAI policy

Up to 60% of code is being generated by organisations using AI coding assistants.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIAI coding assistant

20% of organisations still forbid the use of AI coding assistants.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIAI coding assistant

81% of organisations knowingly ship vulnerable code.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIVulnerable code

Half of CISOs, AppSec managers and developers already use AI security code assistants.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIAI coding assistant

81% of organisations knowingly ship vulnerable code.

CheckmarxThe Future of AppSec in the Era of AI·Aug 14, 2025
AIVulnerable code

In North America, only 8% of respondents report security is “always” a factor in purchasing decisions.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

In the Asia Pacific region, 33% of respondents report security is “always” a factor in purchasing decisions.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

Only 39% of business operations run on secured applications, according to CISOs.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

In nearly half of software-based product companies, security oversight has moved outside the CISO’s office entirely.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

49% of CISOs say that buyers now factor application security (AppSec) into purchasing decisions.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

24% of respondents indicated that application security is “always” a factor in purchasing decisions.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

In Europe, 58% of respondents report that security is “always” a factor in purchasing decisions.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

In organisations developing software-based products, responsibility is split: 50% of organisations assign security responsibility to CISOs, while 43% move security oversight to development teams.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

56% of organisations say that most of their development teams are fully integrated with AppSec programmes.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

62% of CISOs report AppSec metrics to their board.

CheckmarxA CISO’s Guide to Steering AppSec in the Era of DevSecOps·May 13, 2025
Application security

72% of developers spend more than 17 hours each week on security-related tasks.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
Developers

45% of organisations are measuring code security.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
Coding

41.53% of responding developers reported that they understand the vulnerability tickets they receive, as well as how the vulnerability manifests during runtime, from 41-60% of the time.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
DevelopersVulnerability tickets

28.3% of organisations are tracking mean time to remediate as a metric.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
DevelopersRemediation

99.6% of developers have access to security training.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
DevelopersTraining

One in four developers spends more than 25 hours each week on security-related tasks.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
Developers

21% of developers surveyed say that security is their top priority when coding.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
DevelopersCoding

46.27% of organisations are tracking ability to meet deadlines

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
Developers

90% of developers rank the effectiveness of the training they receive as medium or high.

CheckmarxDevSecOps Evolution 2025·Mar 27, 2025
DevelopersTraining