In today's fast-paced world, companies are racing to bring new, innovative software to market first. In order to keep up with the speed of innovation, many organizations are shifting toward DevSecOps. DevSecOps brings security to the front of the software development lifecycle, allowing for both fast deployments and secure applications. Despite the fact that DevSecOps is able to meet the needs of both developers and security professionals, the teams are laser-focused on their own metrics and objectives, making it a challenge to align. This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices and most developers lack secure code training.
Veracode recently sponsored Enterprise Strategy Group's (ESG) research on modern developers and security professionals in North America to better understand the dynamic between the roles and to find ways to bridge the gap. The main objectives of the research were to:
- Examine the buying intentions of application security teams and developers regarding application security solutions. Gauge buyer preferences for different types of vendors' application security solutions.
- Determine the extent to which security teams understand modern development and deployment practices, and where security controls are required to mitigate risk.
- Understand the trigger points influencing application security investments and how decision-makers are prioritizing and timing purchasing decisions.
- Gain insight into the dynamics between development teams and security teams with respect to the deployment and management of application security solutions.
The findings from the research support the misalignment between developers and security professionals, reinforcing the lack of security training for developers and promoting the need for security tools to be integrated and automated into the developers' existing processes. The research also presents some unexpected discoveries. Many respondents admit to releasing vulnerable code due to time constraints and to not having the metrics to prove whether their AppSec program is successful.
Join Enterprise Strategy Group Senior Analyst Dave Gruber and award-winning security writer and host of the Smashing Security podcast Graham Cluley as they sit down with Veracode's Co-Founder and CTO Chris Wysopal and Chief Research Officer Chris Eng to unveil more findings from the survey. The panel will not only discuss the results but also explain how your organization can use these conclusions to improve the relationship between your developers and security professionals while also strengthening your AppSec program.
Click here to sign up for the exclusive Black Hat webinar on August 4, 2020, from 11:00 AM-11:45 AM ET.
*** This is a Security Bloggers Network syndicated blog from Application Security Research, News, and Education Blog authored by firstname.lastname@example.org (hgoslin). Read the original post at: https://www.veracode.com/blog/security-news/new-data-reveals-how-appsec-adapting-new-development-realities