What is product security? Why does it matter to an increasing number of organizations? These are questions we addressed in our original post, What is Product Security?, in March 2022. But, in the two years since, how has product security changed? How has it evolved as organizations across many sectors have invested considerable resources to build awareness around product security and stand up programs?
In 2021, a Ponemon Institute report revealed that over 40% of surveyed IT security professionals considered product security a priority. This sentiment was echoed in their detailed findings:
These numbers underscored the growing importance of product security in the corporate world at the time.
Fast forward to 2024, and the landscape of product security has evolved significantly. Today, product security is viewed as encompassing an entire ecosystem of software and hardware products. This larger context, called software supply chain security, has evolved into its own area of concern. 77% of CISOs believe it to be a more significant blind spot for AppSec than generative AI or open source, according to one recent study.
Since 2022, the integration of product security within the development lifecycle, particularly in IoT and application security (AppSec), has become a standard practice. This shift aligns with the increasing sophistication of cyber threats and the need for robust, preemptive measures.
A lot can happen in just two years. Since we last answered this question for our readership in 2022, we've noted the following changes in product security as a discipline:
Product security in 2024 is more dynamic, data-driven, and integrated into the broader business and product strategy than it was in 2022, reflecting the rapid evolution of technology and cyber threats.
Traditionally, product security was about ensuring that devices and software were secure before reaching customers. This meant considering security aspects right from the design and development stages, rather than as an afterthought.
In 2024, this concept has expanded. Product security now includes a holistic view of the entire supply chain, leveraging automated and AI-driven tools for threat detection and management. With the continued rise in interconnected IoT devices, the focus on securing these devices has intensified, driven by the need to protect against potential vulnerabilities inherent in both software and hardware components.
The Finite State Next Generation Platform, specifically designed for connected devices and embedded systems, offers a comprehensive solution for modern product security challenges. In 2024, it features advanced capabilities such as extended SBOM management, aggregating data from over 150 external sources for a unified risk view, and offering actionable insights for vulnerability management. The Next Gen Platform not only assesses product security but also provides critical data and remediation guidance, significantly enhancing the security posture of connected devices and software supply chains.
What does the future of product security hold? With over 20 billion connected devices in use and this number steadily growing, the need for robust product security is more important now than ever. Finite State continues to lead the way, offering scalable and automated solutions that address the complex challenges of today’s product security landscape. As we look ahead, the integration of AI, comprehensive risk management, and regulatory compliance will remain key drivers in the ongoing evolution of product security.