March 25, 2015

Charting a New Course for Secure Software Development

The landscape of application software development is undergoing rapid transformation. New platforms for server and client, new development tools, new languages, newfound status, and new deployment methodologies mean the already quick pace of change has gotten faster. In the meantime, developers must learn to chart this new course while building in and maintaining secure coding standards.

Despite increased public awareness of the repercussions of delivering insecure software, developers are still trying to reconcile their competing priorities. According to the recent Information Week App Dev Priorities Survey, only 25% of developers report having a corporate policy on secure coding standards that is actually enforced. Additionally, application developers have been taking on the responsibility of security despite this not being their primary expertise. This leads to questions on how development organizations can enable their teams to automate and embed security into their coding practices without negatively impacting productivity and product delivery timelines.

The good news is that there are opportunities for developers to rethink how they develop software and address security. Many respondents in the survey indicated a shift to Agile development, a methodology that promotes incremental improvement, simplified development cycles, and faster turnaround for security fixes. Another growing movement discussed in the survey, DevOps, encompasses the concepts of Continuous Integration and Continuous Delivery, which also support the shift to more automated delivery cycles.

Perhaps the one area that poses a challenge to developers is the reliance on open source and other third-party components with varying levels of security. While developers are aiming to speed up the development process, they will need to establish best practices to identify known vulnerabilities in such open source components and frameworks. The fact that 80% of respondents suggested that security is on their radar in some form is good news. However, there is still work to be done for developers to adopt and automate secure coding standards across their organizations while rapidly developing and delivering software applications.



As part of the Solution Marketing and Global Demand team, Joanna leads marketing programs for Veracode’s secure development go-to-market strategy. She joined Veracode during the summer of 2014, and prior to that instilled solution and product marketing values at Software AG, Progress Software, and Novell. Here at Veracode she is quickly becoming notorious for her obsession with random trivia, music soundtracks and video production.
