All Synopsys
Silicon Design & Verification Silicon IP Software Integrity About Us
Support
SolvNet Software Integrity
Global Sites
日本サイ ト 中文网站 中文網站 Сайт Россия

Software Integrity Blog

«
»
 

A lack of software security training puts companies at risk

Posted by on Monday, January 22nd, 2018

Infographic: A lack of software security training puts companies at risk

An old proverb states that if you give a man a fish, you feed him for a day; but, if you teach a man to fish, you feed him for life. Software security training aligns very well with this proverb.

The majority of developers don’t come equipped with security skills. In fact 95% of software security bugs are caused by just 19 programming flaws. And yet, only 2.8% of undergraduate computer science programs require a security course.

There also aren’t enough security pros to find and fix defects. There are over 1 million unfilled security jobs globally. 34.5% of security managers have trouble implementing security projects, owing to lack of staff expertise. 64% of companies say they struggle to train staff to manage the growing number and complexity of security tools. It even took 7% longer in 2015 than in 2011 to find the problem and fix it during a breach.

The solution? Software security training.

What does software security training do?

Software security training:

  • Reduces the risk of a cyber attack by up to 70%
  • Reduces the cost of a data breach by $8 per record, from $154 to $146
  • Helps retain staff. In fact, 35% of cyber security professionals say employer-supported training and certification incentivizes them to stay in their jobs

How can you prepare your team?

Anyone can drop a line and hook a single fish. But it takes expertise to manage evolving security threats. Make sure you are building security skills for the long run. The most successful training programs:

  • Are taught by security practitioners and developers, not academics
  • Tailor their approach to different roles and levels of experience
  • Emphasize current, real-life examples
  • Incorporate interactive exercises
  • Match your security policies and development workflow
  • Measure performance and progress
  • Provide resources to ensure compliance
  • Can be extended to new hires and partners
  • Fit your schedule

 

Learn more about instructor-led and online software security training resources.

Get started

This post is filed under General, Security Training.
 

More by this author

Be the first to know

Get the latest AppSec news and trends sent directly to you.