Most developers admit releasing vulnerable applications
A new study shows that 81 percent of development teams have knowingly pushed vulnerable code live, with 20 percent of senior managers even admitting to doing so often.
The report from Immersive Labs based on work by Osterman Research shows low confidence in application security in general, with only half of CISOs believing secure applications could be developed and just 44 percent of all security teams believing their company could withstand a SolarWinds style attack on their build environment.
Of 260 security and development teams surveyed, only 39 percent of security teams say they have sufficient time and resources to support the required 'shift left' to help the development of secure code. While only 54 percent of security respondents believe developers understand the latest threats to application security.
Just 27 percent of front-line development teams see security as their responsibility, yet 80 percent of their senior managers believe it is, showing a worrying disconnect. Only half of security teams offer training to application security teams quarterly or more regularly, which 50 percent say is still classroom based. As a result, 45 percent of development teams feel their understanding of the latest application attacks is lacking.
"Securing applications is perhaps the biggest security issue facing organizations today," says James Hadley, CEO of Immersive Labs. "As with anything in cybersecurity, doing so is as much a human challenge as it is a technical one. The relationships people have, the stress they are under, the personal development they get and the culture that binds them are as important as any electronic countermeasure. To improve this, information sharing and personal progression through skills development are crucial. At Immersive Labs, we realize this and have put it at the center of a new platform designed to gradually improve the skills of development teams -- allowing security to be embedded from the outset.”
You can find out more on the Immersive Labs site.