A new survey finds 78% of IT and security professionals think security is important enough to delay application deployment.
Dark Reading surveyed 173 IT and cybersecurity pros on a variety of topics related to application security, software development practices, commercial software use, and the relationship between enterprise IT security groups and software development teams.
The results reveal many organizations have shifted — and continue to shift — some security testing practices further left, or earlier, in the software development lifecycle. They also show continued improvements over the past year on broad attitudes toward the adoption of secure development processes, DevOps, DevSecOps, and application security assessment and remediation practices. Among respondents, 72% perceive the average application developer at their organization as being either "very knowledgeable" or "somewhat knowledgeable" about security.
Other survey highlights include:
- 34% believe attackers with deep knowledge of application vulnerabilities present the greatest threat to app security.
- 52% say incidents like the SolarWinds breach have caused changes in their evaluation and vetting processes for third-party app providers; 53% describe such apps as putting them at greater risk of a breach.
- 49% of organizations have an agile development process and have either fully or partially adopted a DevOps approach to software development.
- 59% of respondents believe their organization is either "very knowledgeable" or "knowledgeable" about remediating new app vulnerabilities.
- 41% of organizations treat API security the same as Web application security.
Download Dark Reading's report How Enterprises Are Developing Secure Applications here.