Software Security: The Buck (Now) Stops With Developers

Giulio Saggin
Tuesday 28 November 2023

In this ever-changing online world, software developers have "started playing a leading role in the day-to-day operational responsibility for application security ... as information security teams testing products before release become irrelevant," writes cyber security company WhiteSource after polling over 600 developers.

Of those polled, 71% stated ownership lies in the software development side, whether it is by the DevOps teams, development team leaders or the developers themselves, as fixing a security vulnerability in the software development process ... produces better-secured applications from the get-go.

Turning more ownership over to developers has been noticeable in smaller organisations, which often have more freedom to define new processes, while SMEs and larger businesses are gradually following suit. Placing developers in charge of security has changed their mindset, and most now view security as a top priority while coding.

Previously, it was standard procedure to review software security before a release, with any issues referred back to developers. The trend now is that the build stage ranks highly - 30% - as a testing point, while even more - 36% - are integrating security testing tools before the build stage.

Companies are investing in testing tools, training, and time spent on handling security vulnerabilities. However, "the integration of automated application security testing tools is bombarding developers with security alerts, which developers are now required to research and remediate," with "42% reporting they spend between 2-12 hours a month on these tasks, while another 33% say that they spend 12-36 hours on them."

If you're 'bombarded with security alerts' and want to stay informed about vulnerabilities, subscribe to SecAlerts and receive a free weekly report of CVEs and security news relating to your stack.
