Software Integrity Blog

«
»
 

A lack of software security training puts companies at risk

Posted by on Monday, January 22nd, 2018

If you give a man a fish, you feed him for a day. But if you teach a man to fish, you feed him for life. Software security training works very similarly.

Infographic: A lack of software security training puts companies at risk

An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb.

The majority of developers don’t come equipped with security skills. In fact 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.

There also aren’t enough security pros to find and fix defects. There are over 1 million unfilled security jobs globally. 34.5% of security managers have trouble implementing security projects, owing to lack of staff expertise. 64% of companies say they struggle to train staff to manage the growing number and complexity of security tools. It even took 7% longer in 2015 than in 2011 to find the problem and fix it during a breach.

The solution? Software security training.

What does software security training do?

Software security training:

  • Reduces the risk of a cyber attack by up to 70%
  • Reduces the cost of a data breach by $8 per record, from $154 to $146
  • Helps retain staff. In fact, 35% of cyber security professionals say employer-supported training and certification incentivizes them to stay in their jobs

How can you prepare your team?

Anyone can drop a line and hook a single fish. But it takes expertise to manage evolving security threats. Make sure you are building security skills for the long run. The most successful training programs:

  • Are taught by security practitioners and developers, not academics
  • Tailor their approach to different roles and levels of experience
  • Emphasize current, real-life examples
  • Incorporate interactive exercises
  • Match your security policies and development workflow
  • Measure performance and progress
  • Provide resources to ensure compliance
  • Can be extended to new hires and partners
  • Fit your schedule

Learn more about software security training resources

This post is filed under Security Training & Awareness.
 

More by this author

Be the first to know

Don’t miss the latest AppSec news and trends every Friday.

Subscribe to the blog