Intelligent CIO Africa Issue 48 | Page 17

LATEST INTELLIGENCE

MODERN APPLICATION DEVELOPMENT SECURITY

DevSecOps has moved security front and centre in the world of modern development; however, security and development teams are driven by different metrics, making objective alignment challenging.
This is further exacerbated by the fact that most security teams lack an understanding of modern application development practices. The move to microservices-driven architectures and the use of containers and serverless has shifted the dynamics of how developers build, test, and deploy code. As a result, a convergence of application security tools is underway. Organisations are overwhelmed with the amount of and overlap in issues raised from multiple testing tools, complicating prioritisation and mitigation, so integrated application security platforms are desired.
In order to gain insight into these trends, ESG surveyed 378 IT, cybersecurity, and application development professionals at organisations in North America (US and Canada) involved with securing application development tools and processes.
Despite good programs, most still regularly push vulnerable code
Most think their application security program is pretty good
Most organisations think that their application security programs are pretty good, with more than a third providing a rating of 9 or 10 and an overall mean of 7.92. This favorable assessment reflects continued investment and coverage levels in application security programs over the past few years.
Still, code coverage is far from complete, with only 34% using AppSec tools on more than three-quarters of their codebase.
Having a good application security program doesn’t mean that organisations don’t still push vulnerable code. The difference is that those that push such code do so knowingly and with a thorough understanding of the risks that they are taking. Application security requires a constant triage of potential risks, involving prioritisation decisions that allow development teams to mitigate risk while still meeting key deadlines for delivery. Note that vulnerabilities discovered too late in the cycle often don’t get mitigated, reinforcing the importance of shifting application security as far left as possible to leave enough runway to resolve critical issues in time for delivery.
Download whitepapers free from www.intelligentcio.com/africa/whitepapers