Unlocking sustainable security practices with secure coding education
2024-01-30 04:30

Despite stringent regulations and calls for 'security by design', organizations are still failing to equip teams with the knowledge to secure code, according to Security Journey.

The survey reveals a reactive approach when it comes to security education programs, with 68% of respondents only undertaking secure coding training because of a compliance need or in response to an exploit.

"While organizations are turning to AppSec tools and AI to secure their outputs, these tools only act as a safety net and knowledgeable human intervention is needed to prevent and remediate insecure code from the outset. Organizations need to prioritize education programs that are expertly curated, tailored to roles, and continuously reinforced to ensure knowledge retention," added Ferrara.

Secure coding education is the key to unlocking more sustainable security practices within application development.

48% report only training annually, bi-annually or when an incident occurs, and of those organizations that undertake secure coding training, over 50% have programs that are not customized to users' needs.

"The current application security landscape is deeply concerning and it's clear from this research that secure coding education is not yet up to scratch in most organizations. While it is positive to see many organizations doing training, it is worrying that this appears to be done with the intent to comply with regulations rather than develop secure code, and that the focus still remains on speed to market rather than instilling a secure culture around application development," said Larry Ponemon, Chairman and Founder of the Ponemon Institute.


News URL

https://www.helpnetsecurity.com/2024/01/30/secure-coding-education-importance/