Security Compass Releases New Study: 2022 DevSecOps Perspectives on AppSec Training
Research study provides a deep dive into the level of maturity and knowledge of application security in developers, to better understand developers’ needs in the market
TORONTO – Nov. 9, 2022 – Security Compass, a leading cybersecurity solution provider, has published the results of a new research report, “2022 DevSecOps Perspectives on AppSec Training”. This study was designed to examine the maturity and approaches of application security training and certification for software developers, and to better understand organizational views on its effectiveness and the challenges teams face with application security training.
When it comes to application security training and the necessary reference materials, Security Compass’ research found that security teams and developers may be aligned on what is needed, but the delivery of these requirements leaves room for improvement. Security Compass’ “2022 DevSecOps Perspectives on AppSec Training” emphasizes the frustrations developers experience with current eLearning options in application security training, while offering effective solutions. The study provides insight into current certifications, education and self-learning undertaken by individuals and organizations that develop custom software.
While the top types of application security training offered by companies were eLearning courses from a catalog and interactive content, the leading frustrations experienced by the development community included a lack of interactive content and a lack of programming-language-specific content. Security Compass aims to showcase how appsec eLearning advances the careers of individuals in software development and the reputation of organizations that support them; the value of appsec generally, and the use of “Just in Time Training” and leaderboards as tactical means to advance the use of secure software development; and insights into the current certifications, education and self-learning undertaken by individuals and provided by organizations that develop custom software.
Key takeaways from the study include:
- 40% of respondents indicate their company provides interactive content, yet a lack of interactive content remains a top frustration.
- In total, 75% of respondents indicated they had to look up security-related topics regularly – once or twice a week (54%) or daily (21%).
- Respondents chose code implementation as the best time to do secure development training.
- 37% of developers stated that implementing new code to satisfy security requirements was the most costly and time-consuming activity they perform. This research showed that the most effective content and security platforms were updated annually.
“Security professionals, especially developers, are increasingly looking for new and innovative ways to up their application security game,” said Trevor Young, Chief Product Officer, Security Compass. “Through this study, it was our goal to gain insight from software development practitioners into their desired levels and types of application security training and certifications, along with various organizational approaches and views into their effectiveness. With this deeper understanding of the maturity levels and knowledge of application security in developers, we are able to better provide solutions for developers’ needs within the market.”
To view the full “2022 DevSecOps Perspectives on AppSec Training” research report and learn more, click here. To watch a recording of Security Compass’ recent webinar discussing the results of this report, please click here.
About the Survey
Security Compass commissioned Golfdale Consulting to conduct this survey research project. The survey was conducted in Q3 2022 and was based on 200 respondents from the US and Canadian markets working in companies ranging from $50M to $10B+ in revenue. This study was conducted within organizations across the U.S. and Canada in the technology, banking, insurance, pharma, healthcare, manufacturing (companies that make software), and energy/utilities industries. The respondents were from companies that produce their own custom software, and they were part of the software development, DevOps, or Application Security teams.
About Security Compass
Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is a trusted eLearning solutions provider, offering a full suite of on-demand, role-based courses that cover various programming languages, cloud solutions, and IaC tools. For more information, please visit www.securitycompass.com.