6 security risks in software development and how to address them

CIOs and their IT departments face significant business pressure to modernize applications, improve customer experiences, migrate applications to the cloud, and automate workflows. Agile development and devops comprise the cultures, practices, tools, and automations that enable software development teams to achieve these goals and deliver business value with greater quality and in faster release cycles.

The most advanced development teams have fully automated continuous integration and continuous delivery (CI/CD) pipelines with integrated test automation and deploy with infrastructure as code. They connect change management and incident management workflows with agile development tools and use AIops platforms to find the root causes of production issues faster.

Yet security issues in software development persist. In ESG’s Modern Application Development Security research, only 36% of respondents rate their application security program a 9 or 10, while 66% said that application security tools protect less than 75% of their codebase, and 48% acknowledged that they push vulnerable code into production regularly.

These security shortcomings are not for lack of technology, consulting, or security service providers. The Cybersecurity Almanac 2020 identifies more than 3,500 potential security partners. Ultimately, the key to delivering business value while minimizing security risks in software development is clearly defining security principles and communicating them to software development teams.

Here are six risks that CIOs and IT leaders should focus on and ways to address them.

Risk #1: Not treating security as a first-class devops citizen

It’s easy to say the organization puts security first, and many organizations do follow best security practices in agile and devops. But with infosec often understaffed compared to the number of development teams, it’s easy to see how other business and technical debt priorities dominate agile team backlogs and why security practices are not adopted uniformly across the organization.

Copyright © 2021 IDG Communications, Inc.
