
Purple Book Community and ArmorCode Announce New Research, 'The Rise of the AppSec Leader'
SAN FRANCISCO--(BUSINESS WIRE)--RSAC 2025 – ArmorCode, the leading Application Security Posture Management (ASPM) platform, in partnership with the Purple Book Community (PBC), a community of senior security leaders, today released 'The Rise of the AppSec Leader.' The new research, which surveyed CISOs and other security leaders, found that ASPM is becoming a strategic investment priority (76 percent), largely due to major increases in AI-generated code, with 92 percent reporting insecure code as a concern. Sixty-five percent believe AI will significantly reshape the AppSec function, making the role of the AppSec leader more important now than ever to protect enterprises rapidly transformed by AI, cloud-native development and rising application threats.
As organizations become digital-first and rapidly adopt generative AI for software development, code is being created faster than ever while adding new security gaps. The research finds that AppSec leaders are growing in importance to solve this challenge by protecting enterprise applications, bridging development and security, guiding secure AI use, and harnessing platforms like ASPM for visibility and independent governance over increasingly fragmented environments.
Key Findings:
AI Is Reshaping AppSec Programs: 86% of respondents are already using or exploring generative AI tools in their security programs. Meanwhile, 65% believe AI will significantly reshape the AppSec function in the next year. Among those who have encountered issues with AI-generated code, 92% reported insecure code and 83% cited lack of transparency as major concerns.
ASPM Becomes a Strategic Technology and Talent Investment Priority: 76% of respondents named Application Security Posture Management as their top investment focus for 2025. With organizations juggling multiple security tools across siloed teams, ASPM is emerging as the needed independent governance layer to provide unified risk mitigation for applications, tools and infrastructure. 64% of organizations are growing their AppSec teams, with 84 percent noting the role of the AppSec leader as now more important than ever. This reflects the shifting prioritization toward securing the application layer as threats and complexity increase.
Supply Chain and Open-Source Threats Are Top Concerns: Supply chain vulnerabilities were noted as the most significant enterprise application threat by 84% of respondents. Open-source risks and cloud misconfigurations followed closely at 73%. Managing the sheer volume of vulnerabilities and false positives was the biggest challenge in securing code, cited by 78% of respondents. Speed of software development outpacing security priorities was also a concern for 71%, with 65% highlighting a lack of visibility across AppSec tools.
Purple Book Community Member Perspectives
'This is a defining moment for AppSec,' said Karthik Swarnam, Chief Security and Trust Officer for ArmorCode and Purple Book Community member. 'Applications are now central to how businesses operate and compete. But as development accelerates with AI-generated code, we need stronger governance, deeper collaboration, and leaders who understand both software risk and velocity. That's where the AppSec leader comes in and why more than 84 percent of survey respondents believe their role is more important now than it was a few years ago.'
'Visibility is always one of the industry's biggest challenges,' said Mayank Joshi, Head of Cloud Security and GRC at NetApp. 'With so many moving parts in modern software development, exacerbated by the fast adoption of AI-generated code, ASPM gives us the clarity we need to prioritize what matters most and connect all the dots.'
'With the rapid technological transformation in engineering and critical infrastructure—such as connected devices, Industry 4.0, and new regulations like the CRA and SOCI Act—product security is also becoming an imperative component of business strategy,' said Jagadish Namboodiri, Director of Global Product Cybersecurity Operations at Wabtec. 'Product security is all about embedding cybersecurity into the product lifecycle holistically, right from drawing board till the end of life of the product, while improving the value and resiliency of the product to the customer and the business.'
'Software supply chain threats have emerged as one of the most significant concerns and risks in enterprise application security,' stated Mithun Rajoor, Head of Application and Infrastructure Security at S&P Global. 'Application Security Posture Management (ASPM) enables us to comprehensively assess and mitigate these risks across both internal and third-party components, spanning applications, infrastructure, and code. At S&P Global, we are integrating our threat response across these domains to holistically enhance our overall security posture.'
Purple Book Connect at RSAC
The research findings are also being discussed at the Purple Book Community's PBC Connect Event on Monday, April 28 at RSAC, where notable security leaders are sharing strategies for scaling application security in fast-paced, AI-driven development environments through multiple panel discussions.
Additional Resources:
Read more about the Rise of the AppSec Leader Research
Learn more about the ArmorCode ASPM Platform at ArmorCode.com
Meet the ArmorCode team in person at the RSA Conference 2025 Expo in booth S-3339
Research Methodology
ArmorCode surveyed The Purple Book Community of security leaders, including chief information security officers (CISOs), other C-suite executives, application and product security leaders, directors and engineers, developers and more from March-April of 2025.
About ArmorCode
ArmorCode is on a mission to supercharge security teams with a new independent governance approach to reduce risk and burn down critical security technical debt. With its AI-powered ASPM Platform, driven by over 25 billion findings from over 285 ecosystem integrations, ArmorCode delivers a single, unbiased view of your risk across applications, infrastructure, containers, and cloud. ArmorCode unifies and normalizes findings, correlates them with business context and threat intel through adaptive risk scoring, and orchestrates security workflows to empower users to easily remediate issues. ArmorCode delivers unified visibility, AI-enhanced prioritization, remediation and scalable automation for customers so they can realize a complete understanding of risk, respond at scale, and collaborate more effectively.
Enterprises of all sizes, including dozens of Fortune 1000 companies, scale their security effectiveness by more than 10x and maximize their ROI on existing security investments with ArmorCode through managing Application Security Posture, Risk-Based Vulnerability Management, Software Supply Chain Security, DevSecOps, and Risk & Compliance. For more information, visit www.armorcode.com.
About The Purple Book Community
The Purple Book Community (PBC) is a network of over 450 software and cybersecurity leaders on a mission to democratize software security and solve its ever-evolving challenges. Through global virtual and in-person events, member-driven content, diverse initiatives, and publications like The Purple Book of Software Security, the community equips practitioners with the knowledge and tools to adopt secure development practices, mature their security programs, and advance their careers in cyber.
Learn more at www.thepurplebook.club.
Related Articles
Forbes
30-05-2025
The Future Of AI Is Specialization
With 16+ years in cybersecurity, Édouard Viot, CTO of Symbiotic Security, is a hacker at heart and an innovator in AppSec, WAFs and EDR.
The rapid evolution of AI has led to an important realization: the infrastructure, training costs and ongoing reinforcement learning required to maintain a generalist AI model are astronomical, impractical and unsustainable. In my opinion, the future belongs instead to hyperspecialized AI models that are tailored to excel in hyper-specific domains.
Fundamentally, using a large language model (LLM) for a hyper-specialized task is like using a sledgehammer to crack a nut: it's not the most efficient tool for the job. So instead of relying on large, resource-intensive models for every task, the industry is shifting toward domain-specific AI agents. For example, AI specializing in code security would outperform a general-purpose model like ChatGPT when it comes to detecting and remediating vulnerabilities. In fact, we ran an internal study on this topic that you can find here.
Agentic AI substantially increases these capabilities. Agentic AI is a solution engineered to function independently by making decisions, executing actions and adjusting dynamically to evolving conditions with minimal human oversight. Take, for example, an agent specialized not just in code security, but specific families of vulnerabilities, such as XSS, SQL injection and buffer overflow. In these cases, AI can adapt to the type of vulnerability it has detected and route the user to proper, hyper-focused resources for remediation and/or training.
The agentic approach can also be used to chain AI models. Using a slightly different example, let's say the user is working with Terraform code. Within the workspace, one agentic AI can be used to remediate vulnerabilities in the code in Terraform and then route to another agent that will check the syntax to make sure that everything is correct. This will provide better results, but will also lead to increased latency.
All of this raises a fundamental question: Do we really need general-purpose AI models that know everything? The answer is increasingly clear—no, we don't. What we need is AI that is exceptional at a specific task, delivering high performance with lower compute costs. The advantages extend beyond efficiency: hyperspecialized AI reduces latency, improves accuracy and even lowers environmental impact due to reduced resource consumption.
Hyperspecialized models can have an outsized impact in areas that call for both accuracy and flexibility. Looking again at cybersecurity, different AI techniques can work together to make the whole process faster and more efficient. For instance, machine learning models, trained on large datasets of known threats and safe software, are great at classification. They can quickly spot anomalies, categorize vulnerabilities and reduce false alarms during automated scans. This is a huge win for security teams, who can then focus on higher-level strategy and incident response rather than sifting through endless alerts.
Meanwhile, LLMs shine when it comes to code-related tasks, in that they can generate specific fixes across a range of programming languages. This means developers don't have to be experts in every single language; they can rely on an LLM to create targeted solutions that fit the situation at hand.
Bringing these two approaches together—machine learning for classification and LLMs for code generation—creates an effective combination that addresses both identification and remediation of security issues. Not only does this save time and resources, but it also bolsters an organization's overall security posture by delivering quick, precise results.
The productivity gains from AI-driven automation are undeniable. In software development, AI can function like an outsourced team, accelerating coding efforts and reducing development timelines. However, this speed comes with a trade-off: without proper oversight, AI-generated code can, and does, introduce security vulnerabilities, leading to increased risk.
In fact, a recent Stanford study has shown, among other things, that participants "who had access to an AI assistant wrote significantly less secure code than those without access to an assistant." It also found that participants with access to an AI assistant were also more likely to believe they wrote secure code, suggesting that such tools may lead users to be overconfident about security flaws in their code.
Rather than replacing developers, AI is transforming their role. Developers will shift from being pure coders to acting as AI controllers and overseers, ensuring that AI-generated output meets security and quality standards. This evolution places a greater emphasis on critical thinking and judgment, elevating the role of developers within organizations.
As AI models become more widely available, the competitive edge will shift towards data quality and specialization. Large, general-purpose models require immense investment, but hyperspecialization allows smaller players to compete effectively. This disrupts the traditional AI hierarchy, potentially enabling new innovators to challenge the dominance of tech giants.
AI is increasingly learning from human interactions, a concept known as reinforcement learning. Using the case of code security again, if a developer modifies AI-suggested remediation code before accepting it, the AI can learn from this adjustment and refine its future recommendations. This continuous feedback loop allows AI to evolve based on real-world usage, improving accuracy and effectiveness over time.
It's important to note, however, that for an AI to be truly self-improving, the capabilities of the human interacting with it need to be taken into consideration. In fact, only with that awareness should the reinforcement learning be adjusted. If the developer modifying the suggested remediation code makes those changes without understanding the root problem, and as a result, the changes are ill-advised or wrong, learning from that interaction would be detrimental to the AI.
As AI advances, hyperspecialization will become the dominant strategy for enterprises seeking cost-effective, high-performance solutions. The era of trying to build a single AI that does everything is giving way to a more practical approach: deploying multiple smaller, task-specific AIs that are more efficient, precise and ultimately more beneficial for organizations and society.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.