Recognizing the need for faster, more automated development-to-production processes, almost 75% of organizations have adopted DevOps practices. Yet, security remains a significant gap.
In a 2021 Osterman Research study, just 56% of security professionals felt confident that their development and engineering teams could develop secure applications. Most organizations understand the importance of addressing security early in the software development lifecycle (SDLC). Nevertheless, security is still “bolted on” to application development projects due to cultural, training, and resource gaps.
Survey respondents expressed a desire to “shift left” and integrate security into every phase of the SDLC. However, only 42% of security practitioners said they had the time to address known security issues. Only 50% of front-line security pros and just 27% of front-line developers felt that application security is a critical part of their responsibilities. Not surprisingly, 81% of developers admitted to knowingly releasing vulnerable code.