The findings reaffirm the importance of shifting security left in the development process, enabling development teams with ongoing training as well as tooling solutions that complement their current processes so they can code securely without negatively impacting their velocity.
Despite the best of intentions among security and development teams, finding common ground can be a real challenge. Both sides are driven by different—and often competing—metrics, making alignment even harder. Add the fact that most security teams lack an understanding of modern application development practices, including the move to microservices-driven architectures and the use of containers, and the gap between teams widens still further.
To determine the size of this gap, and the extent to which security teams understand modern development and deployment practices, Synopsys commissioned Enterprise Strategy Group (ESG), a leading IT analyst and research organization, to document insights into the dynamics between development teams and cybersecurity teams with respect to deployment and management of AppSec solutions.
Based on a survey of 378 qualified respondents in cybersecurity and application development, representing several industries, including manufacturing, financial services, construction/engineering, and business services, throughout the United States and Canada, the study underscores the need to address AppSec holistically throughout the development life cycle.
For example, among organizations knowingly pushing vulnerable code into production, 45% do so because the vulnerabilities identified were discovered too late in the cycle to resolve them in time. Additionally, 43% of respondents say integrations complementing high-velocity application development are most important to improving security programs.
But more tools aren’t the answer. Seventy-two percent of respondents already use more than 10 tools, increasing the complexity, time, resources, and effort of gaining actionable intelligence from them. The proliferation of tools is driving many organizations to invest in consolidation as they struggle to integrate and manage the number of tools they’re already using.
These findings reaffirm the importance of shifting security left in the development process, enabling development teams with ongoing training as well as tooling solutions that complement their current processes so they can code securely without negatively impacting their velocity.
To learn more, download the e-book, “Modern Application Development Security.”
Patrick is the Senior Director of Product Marketing for Synopsys Software Integrity Group where he is laser focused on bringing solutions to market that help development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity.