Legit Security Releases 2025 State of Application Risk Report, Revealing 100% of Organizations Have High or Critical Risks in Their Development Environments

Security leader's new research highlights where the greatest application risks live and how organizations can prioritize their application security efforts

BOSTON, Jan. 23, 2025 /PRNewswire/ -- Legit Security, the definitive application security posture management (ASPM) leader providing end-to-end visibility and protection across the entire software factory, today announced its latest research report, The 2025 State of Application Risk: An ASPM View of the Security of Software Factories. The report found significant risk in both applications and the factories that produce them, with many organizations challenged by inefficient AppSec testing, plus a lack of visibility into secrets exposure, AI risks, SDLC misconfigurations, and software supply chain security.

The 2025 State of Application Risk report, based on data from the Legit platform, reveals that, as software development has evolved, vulnerabilities in code are now only the tip of the iceberg, with risks in development pipelines, build servers, libraries, tools, and processes lurking beneath. The research also highlights that all application risk is not created equal, and with the right context, teams can better identify the highest risk areas that deserve their focus, such as toxic combinations that compound security issues.

Leveraging its powerful ASPM and visibility capabilities, Legit Security delivers data in this report that highlights the previous year's risk findings and uncovers where application security risk lives in the modern development environment.

The report's key findings include:

    --  There is significant risk throughout the application development
        infrastructure and processes, with 100% of organizations found to have
        high or critical risks in their development environments.
    --  Application security scanning is inefficient, with 78% of organizations
        having duplicate SCA scanners and 39% with duplicate SAST scanners that
        can result in the same vulnerability findings and equivalent or
        contradictory remediation advice.
    --  Secrets exposure is pervasive, with 100% of organizations having high or
        critical secrets exposed in their code, and 36% of secrets found outside
        of source code.
    --  GenAI is an emerging threat, with 46% of organizations using AI models
        in source code in a risky way, such as low-reputation LLMs, which could
        contain malicious code or payloads or exfiltrate data sent to them.
    --  Misconfigurations are rampant, with 89% of organizations having pipeline
        misconfiguration issues that could lead to breaches like the one Codecov
        suffered.
    --  Developer permissions sprawl is a significant issue, with 85% of
        organizations showing least-privilege violations that could lead to an
        attack like the one LastPass recently experienced.
    --  Toxic combinations of risk - such as developers using GenAI without
        human code review enforced through branch protection, or secrets in
        repositories with external collaborators - are prevalent, and highlight
        where security teams should focus their energy.

"Our research uncovered great risks everywhere throughout the development process," said Liav Caspi, Legit CTO and co-founder. "These results highlight that teams are overlooking risks in their development environments and CI/CD pipelines, and are inviting the next supply chain attack by neglecting critical security hygiene. To make an analogy, it's as if they are preparing delicious, innovative dishes in a kitchen with rusty, dirty, malfunctioning equipment. Most security teams today don't have the visibility or the context they need to identify risk outside of source code or to effectively triage AppSec findings."

From GenAI code to overly permissioned developers to secrets exposed in Jira tickets, organizations must protect their development environments from end to end. Legit Security's report provides organizations with the insights they need to understand the risks embedded and enmeshed across the software factory, well beyond vulnerabilities in code, and the steps they can take to reduce this risk.

To download the full report, visit https://info.legitsecurity.com/state-of-application-risk.

Methodology
The Legit research team analyzed the data uncovered by the Legit Application Security Posture Management (ASPM) platform over the past 18 months. The data represents various industries and company sizes - from organizations with fewer than 100 developers to those with thousands. Enterprises had anywhere from hundreds to tens of thousands of code repositories.

About Legit Security
Legit is a new way to manage your application security posture for security, product, and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the most challenging problems facing security teams, including GenAI usage, proliferation of secrets, and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and delivers metrics that prove the security program's success. This new approach means teams can control risk across the business - and prove it.

Media Contact:
Michelle Kearney
Hi-Touch PR
443-857-9468
kearney@hi-touchpr.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/legit-security-releases-2025-state-of-application-risk-report-revealing-100-of-organizations-have-high-or-critical-risks-in-their-development-environments-302354523.html

SOURCE Legit Security