CIO Influence

Security Compass Releases New Study: 2022 Developer Perspectives on Application Security

Study finds that nearly 50% of developers find it challenging to stay up to date with current security and compliance-related activities

Security Compass, a leading cybersecurity solution provider, has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. The report, “2022 Developer Perspectives on Application Security,” provides a deep dive into security maturity, threats, requirements, tools, resources, and training.

For software developers and security teams to collaborate effectively and ensure that a company’s software products are secure, developers need automated, current, relevant, and actionable just-in-time training (JITT) embedded into their development tools and processes. Security Compass’ research found that while most developers believe their enterprise has a mature security posture, almost half find it challenging to stay up to date with current security and compliance-related activities. The “2022 Developer Perspectives on Application Security” study raises awareness about how automation can solve many challenges for developers in secure application development.

Key takeaways from the study include:

  • According to developers, the most important means of thwarting security threats is automated threat modeling (46% called it “mission critical” and another 36% called it “quite important”).
  • 42% of developers who have been assigned requirements related to security and compliance find it challenging to stay up to date with current security and compliance-related activities.
  • 28% of respondents claim that scope “creep” in security compounds challenges, with another 19% believing that security processes take too much time.
  • Overall, developers are in favor of security training, with 32% of developers opting to pursue training on their own (63% of respondents reported being mandated to do training).
  • Developers from smaller companies ($10M to $100M) were more than twice as likely (31% vs. 14%) as those from the largest companies ($5B+) to use ad hoc or reactive means to “gate-keep” releases from a security perspective.
  • On average, 34% of software requirements are related in some way to security and compliance, yet only 25% of companies have shifted security left into the Design Stage of software development.

“When building secure software, developers must be system thinkers. Ideally, they engage secure methods early in the design process, engage with key security personnel and stakeholders and insist on automated cybersecurity tools that efficiently guide them throughout the SDLC,” said Rohit Sethi, CEO of Security Compass. “Software built with the needs of software developers at the forefront is essential to the task of cybersecurity, and companies that want to attract and support developers in their efforts to build cyber-resilient software need to look to integrated cybersecurity software. This is reinforced by Security Compass’ study that software that provides just-in-time training (JITT) and guidelines for software developers is essential for accomplishing these goals.”
