Almost half (49%) of CISOs say buyers now factor application security (AppSec) into purchasing decisions, according to A CISO's Guide to Steering AppSec in the Age of DevSecOps, a report from Checkmarx.
In fact, in nearly half of software-based product companies, security oversight has moved outside the CISO's office entirely.
As application complexity and scale grow — driven by AI, microservices and hybrid application architectures — engineering teams are increasingly accountable for ensuring secure, scalable delivery. With faster release cycles and expanding code bases, AppSec decisions and budgets are shifting toward development teams to embed security earlier and more efficiently in the development process.
"We're witnessing a pivotal change: AppSec is now a competitive differentiator, a budget priority and a boardroom issue," said Checkmarx Chief Product Officer Jonathan Rende. "As development teams take greater ownership, CISOs must focus on governance, strategy and collaboration to keep security outcomes on track."
Key Finding: Application Security is Crucial to Purchasing Decisions
CISOs responding from industries including banking and finance, media, insurance, software, manufacturing and the public sector revealed that robust AppSec programs and practices remain a strong differentiator in their customers' buying decisions. Key data points include:
■ 49% of respondents report that buyers regularly consider application security in purchasing decisions.
■ 24% indicated that application security is "always" a factor in those decisions.
■ This trend is most pronounced in Europe, where 58% of respondents report that security is "always" a factor, compared to 33% in the Asia Pacific region and only 8% in North America.
The Checkmarx study also found that decision-making is becoming increasingly decentralized, with development teams more often influencing security practices and even owning budget authority. The study revealed that:
■ In organizations developing software-based products, responsibility is split: 50% of organizations assign security responsibility to CISOs, while 43% move security oversight to development teams.
■ 56% of organizations say that most of their development teams are fully integrated with AppSec programs.
Rende added, "As security responsibility migrates toward development teams, so does the funding. That's why CISOs today need to lead with influence, creating guardrails, not roadblocks."
Security's Role in the Boardroom Remains Inconsistent
The report highlights a persistent gap in how security is communicated at the executive level. While 62% of CISOs report AppSec metrics to their board, most focus solely on vulnerability counts, with only 25% tying those risks to business outcomes like brand reputation or regulatory exposure. This disconnect underscores the urgency for CISOs to frame security in terms of business risk — a prerequisite for securing sustained buy-in at the executive level.
Methodology: In collaboration with Global Surveyz, researchers surveyed CISOs at organizations with annual revenues exceeding $750 million and development teams of at least 180 developers. Participants spanned the US, Canada, Western Europe and the APAC region.