In an encouraging sign for application security, enterprise organizations are conducting penetration tests more frequently and more broadly than before, data from a new Cobalt.io study suggests.

Unlike in the past where regulatory and other compliance mandates used to be the primary driver for these tests, organizations are now conducting them more to proactively detect and address security issues in their software, the study found.

Cobalt.io, which provides application penetration testing-as-a-service (PTaaS) to large and midsize organizations, recently commissioned a third-party firm to interview five of its customers. Among them were a global enterprise software provider, a publicly held global cloud communications provider, and a software-as-a-service (SaaS) provider. Company sizes ranged from those with thousands of employees to midsize firms with hundreds of employees.

Read more here.