The same 10 software vulnerabilities have caused more security breaches in the last 20+ years than any others. And yet, many businesses still opt for post-breach, post-event remediation, muddling through the human and business ramifications of it all. But now, a new research study points to a new, human-led direction.
The following discusses insights derived from a study conducted by Secure Code Warrior with Evans Data Corp titled ‘Shifting from reaction to prevention: The changing face of application security’ (2021) exploring developers attitudes towards secure coding, secure code practices, and security operations. Read the report.
In the study, developers and development managers were asked about their common secure coding practices. The top three methods highlighted were:
- Scanning applications for irregularities or vulnerabilities after they are deployed
- Scrutinizing write code to inspect for irregularities or vulnerabilities
- The reuse of pre-approved code that is known to be secure
Developers still view secure code practices as a reactive practice but slowly acknowledge it as a human issue with a focus on starting left.
So what is this telling us? Two of the…