Innovation pressure leads to security steps being skipped
A new study shows that 70 percent of respondents 'frequently' or 'always' complete projects without carrying out all security steps, due to tight timelines and pressure to innovate.
The report from Invicti Security also shows that 78 percent of development and security respondents have suffered increased stress levels this year and 73 percent have actually considered quitting their job because of it.
Despite the well-known reputation for friction between the two groups, 76 percent feel they have a shared passion for security and work as one team that often collaborates to address security issues. This compares with only 17 percent who classified the relationship as 'frenemies' and seven percent 'strangers.'
A backlog of issues is also causing problems, according to respondents it would take two weeks per team member on average to address their organization's current backlog of security issues -- and that's if they don't work on anything else. Added to this, 78 percent say they are forced to perform manual verification of vulnerabilities always or frequently. False positives play a role in this with 96 percent reporting they are problematic at their organization, and 39 percent saying they increase friction between developers and security. When asked what it would take to solve the issue 60 percent name increased automation and 99 percent more integrations.
"While there is a growing recognition that security must be a core element of innovation, organizations continue to struggle to achieve that vision," says Mark Ralls, president and COO of Invicti. "It's on leaders to set the tone from the top down and drive culture shifts that increase emphasis on security while equipping teams with the powerful tools and workflows they need to make secure innovation a reality."
You can get the full report on the Invicti site and there's an infographic summary of the findings below.