Who Owns Application Security in Your Organisation?

Reading a report from May 2021, I found some interesting statistics: 81% of developers admit to knowingly releasing vulnerable apps, and 76% came under pressure to cut mobile security for efficiency. Those stats suggest developers are to blame, but are they solely responsible?

More exciting insight from the report: 20% of senior management often signed off on vulnerable apps, while 80% appeared to blame developers for not doing their job correctly. At the same time, developers are blaming a lack of support.

There is an ongoing discussion of why software and apps with vulnerabilities make it to market. It could be for any reason, with multiple stakeholders and areas affected.

Software development security is ______ responsibility

The first and most crucial idea that all stakeholders, from Product Management to Security, Operations, Development, Project and even the C-suite, need to realise is that security is everyone's responsibility.

Development cannot blame the lack of resourcing. Likewise, management cannot blame developers for not doing their job correctly, and Operations cannot blame overwork when failing to install upgrades and patches promptly.

There are standards, tools, and guidance to help implement secure development practices in your DevSecOps activities. This is an area I focus on heavily, supporting businesses in Australia & New Zealand.

How can I be responsible and not know security?

Exactly: how can we shift blame when we aren't ensuring we know 'why'? One of the domains in which I have noticed a lot of businesses are lacking is the education of their staff. From top to bottom, organisations offer little to no enablement and training to ensure continuous security throughout the organisation, especially in the software development lifecycle.

Not only is everyone responsible for security, but the business is solely responsible for educating its staff. Enablement is key to ensuring everyone understands their responsibility and provides security to the highest standard.

Report referenced: https://cms.immersivelabs.com/content/uploads/2021/05/imperfect-people-vulnerable-applications-immersive-labs-and-osterman-research--may-2021.pdf
