Software Integrity Blog
A lack of software security training puts companies at risk
If you give a man a fish, you feed him for a day. But if you teach a man to fish, you feed him for life. Software security training works very similarly.
An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb.
The majority of developers don’t come equipped with security skills. In fact 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.
There also aren’t enough security pros to find and fix defects. There are over 1 million unfilled security jobs globally. 34.5% of security managers have trouble implementing security projects, owing to lack of staff expertise. 64% of companies say they struggle to train staff to manage the growing number and complexity of security tools. It even took 7% longer in 2015 than in 2011 to find the problem and fix it during a breach.
The solution? Software security training.
What does software security training do?
Software security training:
- Reduces the risk of a cyber attack by up to 70%
- Reduces the cost of a data breach by $8 per record, from $154 to $146
- Helps retain staff. In fact, 35% of cyber security professionals say employer-supported training and certification incentivizes them to stay in their jobs
How can you prepare your team?
Anyone can drop a line and hook a single fish. But it takes expertise to manage evolving security threats. Make sure you are building security skills for the long run. The most successful training programs:
- Are taught by security practitioners and developers, not academics
- Tailor their approach to different roles and levels of experience
- Emphasize current, real-life examples
- Incorporate interactive exercises
- Match your security policies and development workflow
- Measure performance and progress
- Provide resources to ensure compliance
- Can be extended to new hires and partners
- Fit your schedule
More by this author
- Agile, CI/CD & DevOps
- Application Security
- Automotive Cyber Security
- Cloud Security
- Container Security
- Data Breach Security
- Developer Enablement
- Featured
- Financial Cyber Security
- Fuzz Testing
- Healthcare Security & Privacy
- Interactive Application Security Testing (IAST)
- IoT Security
- Medical Device Security
- Mergers & Acquisitions
- Mobile App Security
- News & Announcements
- Open Source Security
- Security Training & Awareness
- Software Architecture & Design
- Software Compliance, Quality & Standards
- Software Composition Analysis (SCA)
- Software Security Program
- Software Security Research
- Static Analysis (SAST)
- Web Application Security
- Webinars