According to a new study by Invicti Security, 70% of development teams always or frequently skip security steps due to time pressures when completing projects. This explains why, in the average organization, 33% of security issues in remediation at any given time come from production code.
Security and development teams spend every day inside a catch-22: relentless demand for continued digital innovation amid increasing security threats to a sprawling attack surface. While there are some bright spots emerging on the road to secure innovation, these professionals are stressed — and too often make bad choices.
The report by Invicti Security, “Application Security and the Innovation Imperative,” examines this pressure cooker and its impact on security practitioners, developers, and the executives who lead them. The report reveals the state of collaboration in the development sector today — pointing to areas that require further progress before security can become a required feature of innovation.
Fortunately, 86% of organizations have increased their focus on web application security in the past 12 months and are holding teams accountable for it, with developers and security in 57% of organizations held accountable to the same security KPIs. This culture shift is yielding results: 41% of security and development pros describe their relationships as like family (with a shared passion for security and working as one team), and another 36% said they are like “besties,” collaborating often to address security issues.
However, innovation priorities still outweigh security for most organizations. Only 20% of organizations have fully integrated security into development, leaving a large portion that keeps security teams siloed and devs and security at cross-purposes. While companies recognize the urgency of web app security, and security and devs want to collaborate deeply, executives need to continue to drive culture change to make secure innovation a reality.
Invicti Security surveyed 600 executives and practitioners spanning security, development, and DevOps.
Read the full report by Invicti Security.
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more
Source: Read Full Article