2021 Application Security Observability Report

Disruptive change in the marketplace has been the name of the game for some time, and this trend promises to continue in the months and years to come. Businesses were already embracing digital transformation before the COVID-19 pandemic, which rapidly accelerated digital adoption—with McKinsey indicating late last year that the share of digital and digitally enabled products leapfrogged an astounding seven years in the past year. 

Our goal with this report is to guide organizations as they strive to grow digital innovation while maintaining application security. Accordingly, we focus first on the nuts and bolts of how software is structured—the active and inactive code that makes up the software and how many routes are exercised. We then focus on custom code vulnerabilities and open-source libraries and frameworks. We then move to data about vulnerability remediation and security debt and to telemetry about application attacks. Finally, we update the Contrast RiskScore Index, which provides an easy-to-understand score that helps organizations better understand the risk of various vulnerability types.