Developers Are Taking Over AppSec
Application security is a top priority today for companies that are developing software. However, it is also becoming more challenging and complex as release frequency continues to rise and the requirements for data security are getting stricter. Thanks to new DevOps practices and tools, development cycles are getting shorter, allowing organizations to meet market demands and deliver a superior customer experience, but is application security keeping up? Application security has undergone a transition in recent years, as information security teams testing products before release became irrelevant, developers started playing a leading role in the day-to-day operational responsibility for application security.
This change has led to application security testing shifting left into early stages of software development in order to alert developers on security vulnerabilities when it is easier and quicker to remediate. Although these application security tools have helped to bring serious issues to developers’ attention earlier in the software development lifecycle (SDLC), there are still glaring inefficiencies that must be overcome. In hopes of a better understanding of how developers are dealing with their security responsibilities, we polled over 600 software developers. Their responses provide insights into how organizations are transferring application security responsibilities to support faster deployment cycles, the steps taken to support this transition and the challenges facing security and development teams.