Security News > 2023 > November > CISOs vs. developers: A battle over security priorities

There is a clear disconnect and even some distrust between CISOs and developers related to how security-conscious each department is within the organization, who is responsible for preventing and mitigating security issues, how well CISOs understand developers' day-to-day tools, and how well developers understand the risk associated with aspects of their job and the tools they use.

Only 43% of developers believe that CISOs are "Very familiar" with how container images fit into their work, which is low when compared to other aspects of how developers perceive their security team to understand their work: open-source software libraries and projects, source code repositories and source code management systems, and software build tools.

93% of CISOs noted effective software security as a critical component of their organizational maturity and threat / risk mitigation strategy, and 96% say effective software security practices are important to meeting government or regulatory requirements.

69% of CISOs and 64% of developers agree that lack of communication and collaboration between developers and security teams is a problem.

According to the report, in alignment with the importance already placed on software supply chain security by developers and CISOs, most say that their organizations already have some tools in place to address software supply chain security.

These include the adoption of SBOMs and nearly half are implementing software supply chain security frameworks like SLSA and SSDF. In addition to the existing adoption of software supply chain security tooling and frameworks, CISOs and developers expect changes to come in the next five years for software supply chain security at their organizations.

News URL

https://www.helpnetsecurity.com/2023/11/13/ciso-developer-software-security-approach/