Get the Most From Your Software Development Testing Budget

The rising cost of security professionals, which has a compound annual growth rate (CAGR) of 7.8% through 2020, is intersecting the nearly flat overall IT budget (CAGR of 1.3%) of most industry enterprises, causing a problem for security and risk management leaders, in particular CISOs and application development executives. The question being asked is, "How do I leverage my existing resources better, while trying to maintain a responsible security posture?"



Five Tips for Getting the Most From Your Secure Software Development Testing Budget

In their research report Five Tips for Getting the Most From Your Secure Software Development Testing Budget, Gartner provides recommendations for maximizing your spend and increasing your impact.


Download the full report to overcome the following challenges:

  • Many organizations run security tests in their production facilities as part of their agile or DevOps development. This limits the scope, quality and efficacy of some kinds of system security tests.
  • Penetration testers are usually brought in near the end of the development cycle, when changes are expensive and have a large impact. This causes delayed deadlines and risk acceptances.
  • Valuable security testing results fall off as the testers become too familiar with code, features and design. The assumption that all the critical vulnerabilities have been found can result in a false sense of security.
  • Failing to transfer security knowledge into the development teams remains an important source of security debt.



Download the report

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.