Security News > 2021 > July > Who is responsible for improving security in the software development environment?

The survey evaluated the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.

Despite this certainty, there is no alignment between security and development teams on which team should be responsible for improving security in the software build and distribution environments.

When asked who is primarily responsible for improving the security of their organization's software development environment, 48 percent of respondents say their security teams are responsible and 48 percent say their development teams are responsible.

"SUNBURST made it absolutely clear that every organization must take urgent, substantive actions to change the way we secure software build pipelines. The only way to reduce these risks is to dramatically improve the security of the development pipeline and the software it delivers. However, if we can't even agree on who is responsible for taking these actions it's pretty clear that we aren't even close to making meaningful changes. Anyone hoping this problem has been addressed is kidding themselves."

When asked who should be responsible for the security of their organization's software build process, 58 percent of security respondents say it should be their responsibility and 53 percent of developer respondents say it should be theirs.

"Speed of innovation and security are inseparable in software development. In the same way a Formula 1 engineer builds for performance and safety at the same time, software developers also need to be accountable for both. To accomplish this, developers clearly need help and support from security teams. Boards, CEOs, and managing directors need to take action to ensure clear lines of ownership so changes are in place, and they can hold teams accountable."

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/xJWJCwo81M8/