App Devs Prioritize Security but Frustrations Remain
Software developers are beginning to understand the importance of bringing security testing in at an early stage in the development process, but many are frustrated by current testing methods, according to Veracode.
The application security vendor polled 351 developers from the US, UK and Germany to better understand security in the age of DevOps.
On the plus side, it found organizations paying more attention to the issue of application security.
Some 40% of developers now incorporate some form of security testing into the programming stage, with 21% doing so at the design stage. When it comes to app security, the earlier such testing is done, the easier and cheaper problems are to fix.
Tied to those findings is the fact that 39% of respondents claimed they now rate protecting software from breaches and cyber-attacks as their number one priority – a significant improvement.
Also, 52% of developers and managers cited sensitive data exposure as their top concern.
However, despite this shift in mindset on the part of developers, there remain frustrations and challenges.
Over half (52%) of developers said they felt app security testing often delays development and threatens deadlines, according to Veracode, and fewer than a quarter of respondents claimed they have authority over decisions related to application security.
“In an age where continuous deployment and frequent innovation is critical to the success of business, it is unacceptable for security testing to hinder development efforts,” said Tim Jarrett, director of security at Veracode, in a statement.
“As DevOps environments become a standard method of developing software, the industry has an opportunity to continuously improve the way it integrates security into the development process.”
Interestingly, respondents varied in their attitudes to security depending on geography.
In Germany and the UK, 40% of developers said stopping cyber-attacks and breaches was their top concern, but the figure dropped to 34% in the US.
Source: Information Security Magazine