A joint research study between Security Innovation and the Ponemon Institute
Objective: Understand the key habits of high-performing application security organizations as they pertain to training, best practices/activities, policies, and tools usage.
Demographics: 642 IT professionals (both executive and engineering positions) were asked 20 questions concerning tools usage, development team knowledge and security best practices.
Most organizations are only taking minimal steps to address application security throughout their development process
A much higher percentage of executive-level respondents believe their organizations are following security procedures through the SDLC than do the engineers who are closest to executing the security processes
71% of executives believe that application security training is available and up to date; yet, only 20% of technical staff had the same answer
A joint research study between Security Innovation, IBM and the Ponemon Institute
Objective: Measure the tolerance to risk across the established phases of application security and understand the various levels of an organization’s application security maturity (ASM): skill levels, procedures followed, and tools adopted to create and deploy secure software applications.
Demographics: Over 800 Information/IT Security and Software Development professionals were surveyed.
IT security practitioners are more positive than developers that their organization is making application security a top priority
There’s a significant divide between the IT Security and Development organizations that is caused by a major skills shortage and a fundamental misunderstanding of how an application security process should be developed.
44% of developers stated there is absolutely no collaboration between their development organization and the security organization when it comes to application security