Software Developers Challenged to Stay Abreast of Security and Compliance Needs: AppSec Study

Four in 10 software developers struggle to keep up to date with current security and compliance issues, reports Security Compass.


Most developers believe their company has a mature security posture, but nearly half struggle to keep up to date with current security and compliance activities, said Security Compass, an application security vendor, in a new study.

The 2022 Developer Perspectives on Application Security survey, from the Canadian company based in Toronto, was conducted in the second quarter of 2022 and is based on 250 respondents from the US and UK markets working in companies with annual turnover between $10 million and $10 billion.

What the Security Compass report tells us

Key findings from the study include:

  • According to the developers, the most important way to thwart security threats is through automated threat modeling; 46% said it was “mission critical” and 36% said it was “somewhat important”.
  • 42% of developers assigned security and compliance requirements struggle to keep up to date with current security and compliance activities.
  • 28% of respondents say that scope creep complicates security challenges, with an additional 19% saying security processes take too long.
  • Overall, developers are supportive of security training, with 32% of developers choosing to take training on their own; 63% of respondents said they had been mandated to do training.
  • Developers in small companies ($10M to $100M) were more than twice as likely (31% vs. 14%) as those in larger companies ($5B+) to use ad hoc or reagents to maintain versions of a security system. perspective.
  • On average, 34% of software requirements relate in some way to security and compliance, yet only 25% of organizations have brought security into the design stage of software development.

The importance of creating cyber-secure software

Rohit Sethi, Managing Director of Security Compass, explained that software developers need to build security into everything they do:

“When building secure software, developers should be system thinkers. Ideally, they commit to secure methods early in the design process, engage with security personnel and key stakeholders, and insist on automated cybersecurity tools that effectively guide them through the SDLC. Software designed with the needs of software developers at the forefront is critical to the cybersecurity task, and companies that want to attract and support developers in their efforts to create cyber-resilient software must turn to integrated cybersecurity software.”
