Over 70% of Organizations Have Shifted AppSec Responsibility to Developers, Survey Shows
WhiteSource’s survey of 650 developers reveals how the change in ownership of application security is impacting secure coding practices
WhiteSource, the leader in open source security and license compliance management, today released the results of its recent survey, which examined how developers are coping with the increased complexity of application security.
The survey gathered responses from 650 developers in North America and Western Europe about how their organizations handle the day-to-day operational responsibility for application security from identification to remediation. It found:
- 71% of organizations have shifted ownership of day-to-day operational responsibility for application vulnerabilities to software development teams
- This has led developers to think differently about security, as 58% stated they view security as a top priority
- Security is also driving implementation of DevSecOps practices, as companies that have shifted responsibility to developers are almost four times more likely to integrate application security testing such as SCA and SAST into their IDEs and repositories
- Organizations are recognizing this shift in ownership and are taking steps to empower developers to handle security, with 56% of developers stating their companies provide security training on a regular basis. North American respondents cited greater investment than those from Europe
“The survey results reflect what we have been hearing from our partners and customers, which is that vulnerability management tools must meet the needs of the teams using them,” said WhiteSource CTO Doron Cohen. “This is why we’ve created WhiteSource for Developers, a developer-focused solution to help close the loop from alerts to remediation, automating processes to enable developers to keep up their pace without sacrificing quality or security.”
About Mend.io
Trusted by the world’s leading companies, including IBM, Google, and Comcast, Mend.io offers a full-spectrum application security platform designed to help leading organizations build and manage mature AppSec programs, enabling them to stop chasing vulnerabilities and start proactively managing application risk.