Home » Topics » Cybersecurity » The current state of software security

The current state of software security

Avatar photoby Nick Ismail

Veracode have revealed insight from a survey of global developers and development managers on the current state of software security

The report, which was released today, underscores the importance of developer-led security in the age of DevOps, and showed that businesses are recognising the importance of securing applications.

Despite showing moves toward earlier and more frequent security testing throughout the development process, the survey results also indicated there are still hurdles development and security teams must overcome when it comes to securing applications.

>See also: How up-to-date is your software security training programme?

Moving into a period of stricter regulations, 52% of developers and managers cited sensitive data exposure as their top concern.

Increased recognition, earlier testing

According to the survey, 40% of developers are incorporating securing testing during the programming stage, and 21% identify the design stage as the point at which security testing is completed.

Testing early in the development process finds security defects in code at the point where it is the least costly to fix the defects.

The survey also shows that developers are recognising the importance of securing applications.

39% of developers responded that their number one concern is protecting applications from cyber attacks and data breaches.

>See also: The three golden rules for software security in the IoT

Traditionally, developers were not focused on securing applications, and this shift in mindset helps explain the new emphasis on early testing reported in the survey.

Improving for the future

Despite the fact developers recognise the importance of securing software and the need for early security testing, areas for improvement remain.

Developers are still dealing with security programmes that impede their development efforts.

The report, which included respondents from the US, UK and Germany, also showed 52% of developers felt application security testing often delays development and threatens deadlines, while only 25% of developers felt they have authority over decisions regarding application security.

>See also: The 7 most dangerous myths of software security

This lack of authority and impact of development timelines has the potential to decelerate the strides made in improving application security and making security part of the development process.

“In an age where continuous deployment and frequent innovation is critical to the success of business, it is unacceptable for security testing to hinder development efforts,” said Tim Jarrett, director of security at Veracode.

“As DevOps environments become a standard method of developing software, the industry has an opportunity to continuously improve the way it integrates security into the development process.”

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

DevOps

Related Stories

Cybersecurity

What can my organisation do about DDoS threats?

Nick Martindale looks into emerging DDoS attacks, what your organisation can do to reduce the threat, and the role that AI could play

Cybersecurity

CrowdStrike – what your organisation should do now

Nick Martindale explores what your organisation could do to handle another incident similar to CrowdStrike

Cybersecurity

Why the next Ashley Madison is just around the corner

Jason Haworth, Chief Product Officer at Botguard, urges businesses to take steps to avoid falling victim to the next big data breach

Cybersecurity

Fully Homomorphic Encryption (FHE) with silicon photonics – the future of secure computing

Nick New, CEO and founder of Optalysys, walks us through the opportunities and challenges in implementing Fully Homomorphic Encryption (FHE)