Research: Imperfect People, Vulnerable Applications
Our latest study with Osterman Research explores the human elements that influence cyber risk in the Software Development Lifecycle. We found that 81% of developers have knowingly released vulnerable applications.
Discover the factors that are contributing to the vulnerability epidemic.
A hazardous disconnect exists between front-line staff and their managers
Many front-line developers do not see security as their responsibility. Their senior managers disagree but are clearly failing to build a culture of ownership around security.
Under-resourced and overworked teams are struggling to shift left
Security and development teams do not have sufficient time and resources to support the necessary “shift left,” address prioritized vulnerabilities, or even work together effectively on the development of secure applications.
Information sharing and training lag behind a dynamic attack environment
Security teams feel their understanding of the latest vulnerabilities and application attacks is lacking, as is that of development teams. Training is delivered too infrequently to keep pace with a dynamic threat environment.
Security teams have little faith in the SDLC
Only a minority of security teams believe their application build environment could withstand an attack similar to SolarWinds, with confidence low in application security as a whole.