Veracode has released a new report, based on research conducted by industry analyst firm Freeform Dynamics, that sheds light on some of the obstacles for organizations seeking the advantages of a development approach that prioritizes application security, without sacrificing time-to-market and innovation. The report also offers evidence that integrating security throughout the development process – a methodology known as DevSecOps – creates a competitive advantage for top-performing organizations.
The vast majority of IT and business executives surveyed for the report identify application security as a top concern. According to the report, 74 percent of the respondents say security threats due to software vulnerabilities are a growing problem. Moreover, nearly all of the IT and business leaders surveyed (91 percent) say integrating security throughout the software development process is a priority for driving business success.
While 76 percent of survey respondents identify the importance of security testing early in the development process, just 1 in 5 surveyed believe their application security testing is keeping up with the demands of frequent releases.
Cultural and Process Obstacles to DevSecOps
DevSecOps is gaining ground in response to the twin challenges of frequent deployment of new software features and growing threats to applications, but IT and business leaders are concerned that cultural and process issues are blocking progress towards that goal. Just 24 percent of respondents to the survey say their organization’s culture and practices support collaboration between development, operations, and security. Similarly, only 24 percent believe senior management understands that security should not be sacrificed in favor of time-to-market.
While about one-third (32 percent) say their IT organization is very effective at integrating security earlier in the software development lifecycle, only 25 percent strongly agree that they have robust processes to continuously test for security vulnerabilities, which is a fundamental aspect of DevSecOps.
Positive Effects of DevSecOps
Despite these challenges, IT and business leaders at top-performing organizations describe how DevSecOps provides a competitive advantage. The research found that these “masters of software security” outperform organizations that are further behind in adopting DevSecOps. Masters of software security are:
* 2.6 times more likely to have security testing keep up with frequent app updates
* 2.4 times more likely to be leveraging security to enable new business opportunities
* 2.5 times more likely to be outpacing their competitors
* Experiencing 50 percent higher profit growth and 40 percent higher revenue growth
Ayman Sayed, president and chief product officer, Veracode, said software security masters are the lodestars for other organizations seeking the advantages of DevSecOps. “Not only do they exemplify and represent the cultural mindset necessary to adapt and thrive in today’s dynamic market, they are influencing change within the industry while shaping the workplace of the future,” Sayed said.
Download the complete report, Integrating Security into the DNA of Your Software Lifecycle, for insights about how organizations can integrate security and continuous security testing into their software development processes.