Eighty-four percent recognize the role of the AppSec leader as more important now than ever as organizations face the growing challenges of AI-generated code and open source software.
Key Findings Include:
- 76% of respondents named application security posture management as their top investment focus for 2025.
- 65% believe AI will significantly reshape the AppSec function within the next year.
- 84% said that supply chain vulnerabilities were the most significant threat to their enterprise applications.
- Despite increased DevSecOps collaboration, 63% still report moderate or significant friction in getting developers to adopt security team feedback.
RSAC 2025 – ArmorCode, the leading Application Security Posture Management (ASPM) platform, in partnership with the Purple Book Community (PBC), a community of senior security leaders, today released “The Rise of the AppSec Leader.” The new research, which surveyed CISOs and other security leaders, found that ASPM is becoming a strategic investment priority (76 percent), largely due to major increases in AI-generated code, with 92 percent reporting insecure code as a concern. Sixty-five percent believe AI will significantly reshape the AppSec function, making the role of the AppSec leader more important now than ever to protect enterprises rapidly transformed by AI, cloud-native development and rising application threats.
As organizations become digital-first and rapidly adopt generative AI for software development, code is being created faster than ever while adding new security gaps. The research finds that AppSec leaders are growing in importance to solve this challenge by protecting enterprise applications, bridging development and security, guiding secure AI use, and harnessing platforms like ASPM for visibility and independent governance over increasingly fragmented environments.
Key Findings:
- AI Is Reshaping AppSec Programs: 86% of respondents are already using or exploring generative AI tools in their security programs. Meanwhile, 65% believe AI will significantly reshape the AppSec function in the next year. Among those who have encountered issues with AI-generated code, 92% reported insecure code and 83% cited lack of transparency as major concerns.
- ASPM Becomes a Strategic Technology and Talent Investment Priority: 76% of respondents named Application Security Posture Management as their top investment focus for 2025. With organizations juggling multiple security tools across siloed teams, ASPM is emerging as the needed independent governance layer to provide unified risk mitigation for applications, tools and infrastructure. 64% of organizations are growing their AppSec teams, with 84% noting that the role of the AppSec leader is now more important than ever. This reflects the shifting prioritization toward securing the application layer as threats and complexity increase.
- Supply Chain and Open-Source Threats Are Top Concerns: Supply chain vulnerabilities were noted as the most significant enterprise application threat by 84% of respondents. Open-source risks and cloud misconfigurations followed closely at 73%. Managing the sheer volume of vulnerabilities and false positives was the biggest challenge in securing code, cited by 78% of respondents. Speed of software development outpacing security priorities was also a concern for 71%, with 65% highlighting a lack of visibility across AppSec tools.
Purple Book Community Member Perspectives
“This is a defining moment for AppSec,” said Karthik Swarnam, Chief Security and Trust Officer for ArmorCode and Purple Book Community member. “Applications are now central to how businesses operate and compete. But as development accelerates with AI-generated code, we need stronger governance, deeper collaboration, and leaders who understand both software risk and velocity. That’s where the AppSec leader comes in and why more than 84 percent of survey respondents believe their role is more important now than it was a few years ago.”
“Visibility is always one of the industry’s biggest challenges,” said Mayank Joshi, Head of Cloud Security and GRC at NetApp. “With so many moving parts in modern software development, exacerbated by the fast adoption of AI-generated code, ASPM gives us the clarity we need to prioritize what matters most and connect all the dots.”
“With the rapid technological transformation in engineering and critical infrastructure—such as connected devices, Industry 4.0, and new regulations like the CRA and SOCI Act—product security is also becoming an imperative component of business strategy,” said Jagadish Namboodiri, Director of Global Product Cybersecurity Operations at Wabtec. “Product security is all about embedding cybersecurity into the product lifecycle holistically, right from drawing board till the end of life of the product, while improving the value and resiliency of the product to the customer and the business.”
“Software supply chain threats have emerged as one of the most significant concerns and risks in enterprise application security,” stated Mithun Rajoor, Head of Application and Infrastructure Security at S&P Global. “Application Security Posture Management (ASPM) enables us to comprehensively assess and mitigate these risks across both internal and third-party components, spanning applications, infrastructure, and code. At S&P Global, we are integrating our threat response across these domains to holistically enhance our overall security posture.”
Purple Book Connect at RSAC
The research findings are also being discussed at the Purple Book Community’s PBC Connect Event on Monday, April 28 at RSAC, where notable security leaders are sharing strategies for scaling application security in fast-paced, AI-driven development environments through multiple panel discussions.
Additional Resources:
- Read more about the Rise of the AppSec Leader Research
- Learn more about the ArmorCode ASPM Platform at ArmorCode.com
- Meet the ArmorCode team in person at the RSA Conference 2025 Expo in booth S-3339
Research Methodology
ArmorCode surveyed The Purple Book Community of security leaders, including chief information security officers (CISOs), other C-suite executives, application and product security leaders, directors and engineers, developers and more, from March to April 2025.
About ArmorCode
ArmorCode is on a mission to supercharge security teams with a new independent governance approach to reduce risk and burn down critical security technical debt. With its AI-powered ASPM Platform, driven by over 25 billion findings from over 285 ecosystem integrations, ArmorCode delivers a single, unbiased view of your risk across applications, infrastructure, containers, and cloud. ArmorCode unifies and normalizes findings, correlates them with business context and threat intel through adaptive risk scoring, and orchestrates security workflows to empower users to easily remediate issues. ArmorCode delivers unified visibility, AI-enhanced prioritization, remediation and scalable automation for customers so they can realize a complete understanding of risk, respond at scale, and collaborate more effectively.
Enterprises of all sizes, including dozens of Fortune 1000 companies, scale their security effectiveness by more than 10x and maximize their ROI on existing security investments with ArmorCode through managing Application Security Posture, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance. For more information, visit www.armorcode.com.
About The Purple Book Community
The Purple Book Community (PBC) is a network of over 450 software and cybersecurity leaders on a mission to democratize software security and solve its ever-evolving challenges. Through global virtual and in-person events, member-driven content, diverse initiatives, and publications like The Purple Book of Software Security, the community equips practitioners with the knowledge and tools to adopt secure development practices, mature their security programs, and advance their careers in cyber.
Learn more at www.thepurplebook.club.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250428274461/en/
Contacts
Media Contact:
RH Strategic for ArmorCode
armorcodepr@rhstrategic.com