Dr. Larry Ponemon and Susan Jayson of Ponemon Institute discuss the findings of their recent research study, “Revealing the Cultural Divide Between Application Security and Development,” sponsored by ZeroNorth.
A security risk that many organizations are not dealing with is the cultural divide between application security and developers. In this research sponsored by ZeroNorth, we refer to the cultural divide as the moment when AppSec and developers lack a common vision for delivering software capabilities required by the business—securely. As a result, AppSec and developers are less likely to work effectively as a team and achieve the goals of building and delivering code in a timely manner with security integrated throughout the application development process.
Have you heard about establishing a Federated Approach to application security? Securing DevOps and minimizing friction between application security and development teams requires a fundamental shift in focus, away from security tools, and toward a shared vision on how to deliver software quickly and securely.
Ponemon Institute surveyed 581 security practitioners who are involved in and knowledgeable about their organization’s software application security activities and 549 who are involved in and knowledgeable about their organization’s software application development process.