Virtualization Technology News and Information
Security Compass Releases New Study: 2022 DevSecOps Perspectives on AppSec Training

Security Compass has published the results of a new research report, "2022 DevSecOps Perspectives on AppSec Training". This study was designed to examine the maturity and approaches of application security training and certification for software developers, and to better understand organizational views on its effectiveness and the challenges teams face with application security training.

When it comes to application security training and the necessary reference materials, Security Compass' research found that security teams and developers may be aligned on what is needed, but the delivery of these requirements leaves room for improvement. Security Compass' "2022 DevSecOps Perspectives on AppSec Training" emphasizes the frustrations developers experience with current eLearning options in application security training, while offering effective solutions. The study provides insight into current certifications, education and self-learning undertaken by individuals and organizations that develop custom software.

While the top types of application security training offered by companies were eLearning courses from a catalog and interactive content, one of the leading frustrations experienced by the development community were a lack of interactive content and a lack of programming language specific content. Security Compass aims to showcase how appsec eLearning advances the careers of individuals in software development, and the reputation of organizations that support them; the value of appsec security generally, and the use of "Just in Time Training" and leaderboards as tactical means to advance the use of secure software development; and insights into the current certifications, education and self-learning undertaken by individuals and provided by organizations that develop custom software.

Key takeaways from the study include:

  • 40% of respondents indicate their company provides interactive content, yet a lack of interactive content remains a top frustration.
  • In total, 75% of respondents indicated they had to look up security related topics regularly - once or twice a week (54%) or daily (21%).
  • The best time that was chosen to do secure development training was during code implementation.
  • 37% of developers stated that implementing new code to satisfy security requirements was the most costly and time consuming activity they perform. This research showed that the most effective content and security platforms were updated annually.

"Security professionals, especially developers, are increasingly looking for new and innovative ways to up their application security game," said Trevor Young, Chief Product Officer, Security Compass. "Through this study, it was our goal to gain insight from software development practitioners into their desired levels and types of application security training and certifications, along with various organizational approaches and views into their effectiveness. With this deeper understanding of the maturity levels and knowledge of application security in developers, we are able to better provide solutions for developers' needs within the market."

To view the full "2022 DevSecOps Perspectives on AppSec Training" research report and learn more, click here.
Published Wednesday, November 09, 2022 9:57 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2022>