Nearly all organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A new market study released by Invicti Security, Application Security and the Innovation Imperative, examines how companies are contending with the strategic need to innovate and the existential risk posed by cyber threats.
Conducted in partnership with Wakefield Research, the report is based on a survey of 600 executives and hands-on-keyboard practitioners across security, development and DevOps. Respondents spanned more than 20 industries including manufacturing, technology, government, retail, and education.
The findings reveal both encouraging trends and continued challenges:
- Tight timelines and innovation pressures for those on the front lines mean skipped security steps, and integration is still a work in progress: 70% of respondents "frequently" or "always" complete projects without carrying out all security steps. Additionally, integration into the software development life cycle (SDLC) is lacking, with only 20% reporting they have fully shifted left and another third in the "messy middle." The repercussions of this are clear, with one in three issues under remediation making it to production without being caught in the dev or test stages.
- Dev and sec are collectively stressed out, but the animosity between the two groups has been exaggerated: An eye-popping 78% of dev and sec respondents suffered increased stress levels this year and 73% actually considered quitting their job because of this stress. Despite the well-known reputation for friction between the two groups, 76% feel they have a shared passion for security and work as one team that often collaborates to address security issues. This compares with only 17% who classified the relationship as "frenemies" and 7% as "strangers."
- Underpowered tools and manual processes impede efficiency, but practitioners know what it will take to address the problem. It would take a whopping two weeks per team member on average to address their organization's current backlog of security issues - and that's if they don't work on anything else. Adding to this, 78% say they are forced to perform manual verification of vulnerabilities always or frequently. False positives no doubt play a role in this: 96% report they are problematic at their organization, and 39% say they increase friction between dev and sec. But these teams know what it will take to dig out of the mess: increased automation (60%) and more integrations (99%).
"While there is a growing recognition that security must be a core element of innovation, organizations continue to struggle to achieve that vision," said Mark Ralls, President & COO of Invicti. "It's on leaders to set the tone from the top down and drive culture shifts that increase emphasis on security while equipping teams with the powerful tools and workflows they need to make secure innovation a reality."
The full research report is accompanied by an infographic reflecting the top five themes for leaders uncovered as a result of the analysis.