Study finds that nearly 50% of developers find it challenging to stay up to date with current security and compliance-related activities
Security Compass, a leading cybersecurity solution provider, has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. The report, “2022 Developer Perspectives on Application Security,” provides a deep dive into security maturity, threats, requirements, tools, resources, and training.
For software developers and security teams to collaborate effectively and ensure that a company’s software products are secure, developers need automated, current, relevant, and actionable just-in-time training (JITT) embedded into their development tools and processes. Security Compass’ research found that while most developers believe their enterprise has a mature security posture, almost half find it challenging to stay up to date with current security and compliance-related activities. The “2022 Developer Perspectives on Application Security” study raises awareness about how automation can solve many challenges for developers in secure application development.
Key takeaways from the study include:
- According to developers, the most important means of thwarting security threats is automated threat modeling (46% claiming it was “mission critical” and another 36% indicating it was “quite important”).
- 42% of developers who have been assigned requirements related to security and compliance find it challenging to stay up to date with current security and compliance-related activities.
- 28% of respondents claim that scope “creep” in security compounds challenges, with another 19% believing that security processes take too much time.
- Overall, developers are in favor of security training, with 32% of developers opting to pursue training on their own (63% of respondents reported being mandated to do training).
- Developers from smaller companies ($10M to $100M) were more than twice as likely (31% vs. 14%) as those from the largest companies ($5B+) to use ad hoc or reactive means to “gate-keep” releases from a security perspective.
- On average, 34% of software requirements are related in some way to security and compliance, yet only 25% of companies have shifted security left into the Design Stage of software development.
“When building secure software, developers must be system thinkers. Ideally, they engage secure methods early in the design process, engage with key security personnel and stakeholders and insist on automated cybersecurity tools that efficiently guide them throughout the SDLC,” said Rohit Sethi, CEO of Security Compass. “Software built with the needs of software developers at the forefront is essential to the task of cybersecurity, and companies that want to attract and support developers in their efforts to build cyber-resilient software need to look to integrated cybersecurity software. This is reinforced by Security Compass’ study that software that provides just-in-time training (JITT) and guidelines for software developers is essential for accomplishing these goals.”