Immersive Labs released a report with Osterman Research outlining the human factors preventing secure application development. The analysis found the vast majority (81%) of development teams had knowingly pushed vulnerable code live, with 20% of senior managers even admitting to doing so ‘often’. The research found low confidence in application security in general, with only half of all CISOs (50%) believing secure applications could be developed and just 44% of all security teams believing their company could withstand a SolarWinds-style attack on their build environment.
The survey of 260 development and security teams in large organizations seeks to understand human issues in the Software Development Lifecycle (SDLC). It forms part of the launch of a new Immersive Labs product which continually upskills development and engineering teams. These issues include:
- Overworked and under-resourced teams struggle to shift left: Only 39% of security teams have sufficient time and resources to support the required ‘shift left’ to help the development of secure code. Only 54% of security respondents believe developers understand the latest threats to application security.
- A hazardous disconnect exists between front-line developers and their managers: Only 27% of front-line development teams see security as their responsibility, yet 80% of their senior managers believe it is. This shows a worrying disconnect and lack of security culture in the SDLC between the people creating strategy and those at the coal face.
- Information sharing and training lag behind the dynamic attack environment: Only half of security teams offer training to application security teams quarterly or more regularly, and 50% say that training is still classroom-based. As a result, 45% of development teams feel their understanding of the latest application attacks is lacking.
“Securing applications is perhaps the biggest security issue facing organizations today,” said James Hadley, CEO of Immersive Labs. “As with anything in cybersecurity, doing so is as much a human challenge as it is a technical one. The relationships people have, the stress they are under, the personal development they get and the culture that binds them are as important as any electronic countermeasure. To improve this, information sharing and personal progression through skills development are crucial. At Immersive Labs, we realize this and have put it at the center of a new platform designed to gradually improve the skills of development teams – allowing security to be embedded from the outset.”