The Intersection of AppSec and Compliance

Published Sep 15, 2021. Written by Dave Howell. Tagged with: AppSec Compliance.

In May 2021, the White House issued an Executive Order (EO) focused on improving the United States’ cybersecurity posture. Among other things, the EO calls for enhancing software supply chain security and strengthening the security of software used by the Federal Government. In short, this EO puts application security (AppSec) front and center.

Beyond this EO, various regulatory and industry guidelines and mandates either imply or point directly to building stronger AppSec programs to protect private consumer information. For example, the Payment Card Industry (PCI) Data Security Standard (DSS), Health Insurance Portability & Accountability Act (HIPAA), the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) all have expectations that drive towards the need for robust application security.

We wanted to better understand how organizations think about AppSec in this context. To that end, we surveyed 168 security and technology professionals globally, including 85 in the United States, on a range of topics including:

  • Expectations regarding how the White House EO might impact AppSec for both government and commercial entities.
  • Perspectives on the need for industry and governmental mandates – and penalties for non-compliance – to spur efforts to increase AppSec.
  • The material impact compliance has on AppSec – both in terms of resources dedicated to such programs, as well as overall improvements in security.

The results of this study are available in a new research report published today by ZeroNorth – “Application Security, Executive Orders and Compliance.” To see the complete findings, you can read the report here.
