STOCK TITAN

Datadog's 2023 State of Application Security Report Presents Top AppSec Trends

Rhea-AI Summary

Datadog (NASDAQ: DDOG) released its 2023 State of Application Security Report on April 25, 2023. The report highlights that only 3% of vulnerabilities tagged as 'critical' by the Common Vulnerability Scoring System (CVSS) are genuinely high risk. This finding suggests that 97% of such vulnerabilities can be deprioritized, allowing security teams to optimize their budgets and efforts effectively. The study indicates that non-production environments are targeted in 10% of attacks, and that many attacks fail because they target the wrong programming languages, operating systems or vulnerabilities. Java services have the most critical vulnerabilities, while Python services have the fewest. The report emphasizes the need for DevOps teams to stay ahead of threats while maintaining operational efficiency.

Positive
  • Identifying that only 3% of vulnerabilities classified as critical are truly high-risk allows for better resource allocation.
  • The report reveals actionable insights for security teams to optimize their budgets and efforts in addressing vulnerabilities.
  • Highlights the importance of understanding the context of vulnerabilities rather than solely relying on CVSS scores.
Negative
  • A high percentage of critical vulnerabilities (97%) can be deprioritized, potentially indicating previous misallocation of resources.
  • The report underscores vulnerabilities within Java services, which could pose risks for organizations relying heavily on this technology.

The report found that ninety-seven percent of security vulnerabilities labeled as "critical" could actually be deprioritized

NEW YORK, April 25, 2023 /PRNewswire/ -- Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today released its 2023 State of Application Security Report. To better understand the current vulnerabilities and threats targeting DevOps organizations, researchers evaluated real-world data from thousands of Datadog customers. According to the report, only three percent of critical vulnerabilities are truly high risk and worth prioritizing.

The emergence of widespread vulnerabilities and the importance of rapidly discovering vulnerable applications means the onus is on DevOps teams to stay ahead of threats while maintaining release velocity and ensuring efficient use of security budgets. All vulnerabilities rated critical by the Common Vulnerability Scoring System (CVSS) get prioritized for fixes by application and security teams. However, according to Datadog's 2023 State of Application Security Report, only three percent of vulnerabilities rated as critical by the CVSS are actually worth prioritizing.

The research report compared the standard CVSS severity score with a modified severity score that accounts for runtime context. This approach considers evidence of suspicious traffic, as well as internet-exposed or sensitive environments. As a result, ninety-seven percent of vulnerabilities labeled as critical by CVSS could be downgraded and assigned a lower severity score.

"In today's macroeconomic environment, it is more important than ever to optimize costs wherever possible. For security teams, that means there is increased pressure to find and fix the vulnerabilities that will most impact the business," said Emilio Escobar, Chief Information Security Officer at Datadog. "The findings in the State of Application Security Report show that there is a clear path to maximizing the efficiency of security budgets this year by prioritizing the three percent of vulnerabilities that are actually critical and will have the greatest impact on the organization's security posture."

Other findings from the report include:

  • One out of every ten attacks targeted non-production environments.
  • Seven out of ten attacks failed because they targeted the wrong programming language, operating systems or vulnerabilities.
  • Java services have the most critical vulnerabilities while Python services have the fewest.

The 2023 State of Application Security Report is available now. Read the full report here: https://www.datadoghq.com/state-of-application-security.

About Datadog

Datadog is the observability and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring, log management, real-user monitoring, and many other capabilities to provide unified, real-time observability and security for our customers' entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior, and track key business metrics.

Forward-Looking Statements

This press release may include certain "forward-looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended, including statements on the benefits of new products and features. These forward-looking statements reflect our current views about our plans, intentions, expectations, strategies and prospects, which are based on the information currently available to us and on assumptions we have made. Actual results may differ materially from those described in the forward-looking statements and are subject to a variety of assumptions, uncertainties, risks and factors that are beyond our control, including those risks detailed under the caption "Risk Factors" and elsewhere in our Securities and Exchange Commission filings and reports, including the Annual Report on Form 10-K filed with the Securities and Exchange Commission on February 24, 2023, as well as future filings and reports by us. Except as required by law, we undertake no duty or obligation to update any forward-looking statements contained in this release as a result of new information, future events, changes in expectations or otherwise.

Contact
Dan Haggerty
press@datadoghq.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/datadogs-2023-state-of-application-security-report-presents-top-appsec-trends-301807327.html

SOURCE Datadog, Inc.

FAQ

What does Datadog's 2023 State of Application Security Report reveal about vulnerabilities?

The report indicates that only 3% of security vulnerabilities labeled as 'critical' are genuinely high risk and worth prioritizing, allowing for better resource management.

When was the 2023 State of Application Security Report released by Datadog?

The report was released on April 25, 2023.

What percentage of attacks target non-production environments according to Datadog's report?

The report states that one out of every ten attacks targets non-production environments.

How do programming languages affect the success of attacks as per the report?

The report finds that seven out of ten attacks fail because they target the wrong programming languages, operating systems, or vulnerabilities.

What is the difference in vulnerability levels between Java and Python services according to the report?

Java services are reported to have the most critical vulnerabilities, while Python services have the fewest.
