Developers Care About Security, but the Infosec Team Cares More – InApps 2022

Main Contents:

Developers Care About Security, but the Infosec Team Cares More – InApps is an article under the topic Devops Many of you are most interested in today !! Today, let’s InApps.net learn Developers Care About Security, but the Infosec Team Cares More – InApps in today’s post !

Read more about Developers Care About Security, but the Infosec Team Cares More – InApps at Wikipedia

You can find content about Developers Care About Security, but the Infosec Team Cares More – InApps from the Wikipedia website

Assuming that developers are lazy about security is unfair. In fact, a recent DZone survey of 540 developers about application security indicated 54 percent think that they, the developers, should be responsible for security. If you’re a security pro, you probably just groaned.

Developers care about security, just not to the same degree as their information security counterparts. Security is just one of many considerations while the infosec team is continuously focused on testing and compliance. In fact, according to the same DZone survey, 60 percent said that release schedules have overridden security concerns at their organization.

The SANS Institute’s 2017 State of Application Security: Balancing Speed and Risk provides more perspective with its survey of 214 IT professionals, two-thirds of which work in security-focused roles. When asked about the top challenges to implementing applications security to production systems, the top response was “bridging the gap between software development, security and compliance,” and the second most cited was “silos between security, development and business units.”

It appears that everyone knows that testing should be integrated into the entire software development lifecycle. Getting everyone to prioritize this is a different story. One of the biggest reasons for the continuing gap is that while testing is more likely to be a security responsibility, remediation falls into development’s laps.

According to the SANS Institute report, developers are the most likely to be responsible for taking corrective action, while internal and external security testers focus on identifying problems. There is widespread agreement that communication across job roles can align goals. Another way to improve a company’s security posture could be building cross-functional teams with designations such as DevOps or DevSecOps.

Can organizational and c-level commitment be the panacea for app security? If you know of other data sources showing a link, or lack of, between Infosec, DevOps, and AppDev, please let us know.

Feature image via Pixabay.

Source: InApps.net

Rate this post

Phu Nguyen

As a Senior Tech Enthusiast, I bring a decade of experience to the realm of tech writing, blending deep industry knowledge with a passion for storytelling. With expertise in software development to emerging tech trends like AI and IoT—my articles not only inform but also inspire. My journey in tech writing has been marked by a commitment to accuracy, clarity, and engaging storytelling, making me a trusted voice in the tech community.