AppSecure.nrw Software Security Study
This addresses software security risks for German companies and the broader population, but it is incremental as it reports on an existing problem without proposing new solutions.
The study investigated software security practices in German companies, finding that ensuring security is a multifaceted challenge with low awareness, inaccurate self-assessment, and a lack of competence among stakeholders, which is detrimental to software security in the medium and long term.
In recent years, the World Economic Forum has identified software security as the most significant technological risk to the world's population, as software-intensive systems process critical data and provide critical services. This raises the question of the extent to which German companies are addressing software security in developing and operating their software products. This paper reports on the results of an extensive study among developers, product owners, and managers to answer this question. Our results show that ensuring security is a multi-faceted challenge for companies, involving low awareness, inaccurate self-assessment, and a lack of competence on the topic of secure software development among all stakeholders. The current situation in software development is therefore detrimental to the security of software products in the medium and long term.