Research study provides a deep dive into the level of maturity and knowledge of application security in developers, to better understand developers’ needs in the market
Security Compass, a leading cybersecurity solution provider, has published the results of a new research report, “2022 DevSecOps Perspectives on AppSec Training”. This study was designed to examine the maturity and approaches of application security training and certification for software developers, and to better understand organizational views on its effectiveness and the challenges teams face with application security training.
“Security professionals, especially developers, are increasingly looking for new and innovative ways to up their application security game”
When it comes to application security training and the necessary reference materials, Security Compass’ research found that security teams and developers may be aligned on what is needed, but the delivery of these requirements leaves room for improvement. Security Compass’ “2022 DevSecOps Perspectives on AppSec Training” emphasizes the frustrations developers experience with current eLearning options in application security training, while offering effective solutions. The study provides insight into current certifications, education and self-learning undertaken by individuals and organizations that develop custom software.
Latest ITechnology News: Spirent and Nokia Collaborate to Demonstrate 800G Interoperability Public Test
While the top types of application security training offered by companies were eLearning courses from a catalog and interactive content, one of the leading frustrations experienced by the development community were a lack of interactive content and a lack of programming language specific content. Security Compass aims to showcase how appsec eLearning advances the careers of individuals in software development, and the reputation of organizations that support them; the value of appsec security generally, and the use of “Just in Time Training” and leaderboards as tactical means to advance the use of secure software development; and insights into the current certifications, education and self-learning undertaken by individuals and provided by organizations that develop custom software.
Key takeaways from the study include:
- 40% of respondents indicate their company provides interactive content, yet a lack of interactive content remains a top frustration.
- In total, 75% of respondents indicated they had to look up security related topics regularly – once or twice a week (54%) or daily (21%).
- The best time that was chosen to do secure development training was during code implementation.
- 37% of developers stated that implementing new code to satisfy security requirements was the most costly and time consuming activity they perform. This research showed that the most effective content and security platforms were updated annually.
Latest ITechnology News: Sesame Software to Showcase Instant Data Warehouse and Fully Automated Data Pipelines at Oracle CloudWorld
“Security professionals, especially developers, are increasingly looking for new and innovative ways to up their application security game,” said Trevor Young, Chief Product Officer, Security Compass. “Through this study, it was our goal to gain insight from software development practitioners into their desired levels and types of application security training and certifications, along with various organizational approaches and views into their effectiveness. With this deeper understanding of the maturity levels and knowledge of application security in developers, we are able to better provide solutions for developers’ needs within the market.”
Latest ITechnology News: The Ocient Hyperscale Data Warehouse Is Now Generally Available in AWS Marketplace
[To share your insights with us, please write to sghosh@martechseries.com]