Progress announced the launch of Progress Data Cloud, a managed Data Platform as a Service designed to simplify enterprise data and artificial intelligence (AI) operations in the cloud.
Addressing Software Exposure Within the DevOps Cycle
August 16, 2018
There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities.
To help organizations better understand the evolving nature of software delivery and the critical role security plays from start to finish, a new report, Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle, was released by Checkmarx in coordination with FreeForm Dynamics and The Register. The results identify challenges associated with software exposure and security within the DevOps cycle and how organizations can best overcome them.
Among key findings:
Gaps exist between theory and practice when it comes to security's role in DevOps
96 percent of respondents reported that it is "desirable" or "highly desirable" for developers to be properly trained on how to produce secure code
Although there is no how-to guide when it comes to security today, the study found that a major gap exists between what's needed and what's actually in place among organizations surveyed. In fact, 96 percent of respondents reported that it is "desirable" or "highly desirable" for developers to be properly trained on how to produce secure code. Yet, 41 percent still agree that defining clear ownership and responsibility in relation to software security remains a challenge.
While true that there is an apparent desire for a "shift left" approach, ops teams can't be the only ones responsible for implementing it. Developers must not be overlooked when it comes to security and should actually be the ones pioneering an earlier adoption of security within the development process. Which leads us to the question of, why isn't this already happening if both parties consider it a priority?
According to the study, just 11 percent of respondents say they have adequately addressed the need for developer education in this area. Therefore, it's clear that more can be done from an organizational perspective to encourage a "shift left" approach within DevOps.
Don't alienate the C-Suite from security conversations
Now more than ever, c-level executives need to understand the crucial role security plays within their organizations. It takes just one data breach or hack for a brand's reputation to completely crumble, leaving C-level executives responsible and often times blind-sided.
45 percent of respondents still find it challenging to secure senior management approval for funding and security training
According to the survey, 57 percent of respondents "strongly agree" or "agree" with the statement that software security is now a boardroom issue. It's a matter of business risk. To ensure greater software security, developers and security teams must have the support from their executive teams. The catch? 45 percent of respondents still find it challenging to secure senior management approval for funding and security training. A catch-22 when circling back to the gap that exists between theory and practice as it relates to security's role in DevOps.
Furthermore, 44 percent of those surveyed felt that executives don't actually care about how quickly, frequently and safely developers deliver software, it just needs to be done.
Everyone involved with the DevOps cycle needs to work together
72 percent of respondents agree that different teams and disciplines within IT are still too reluctant to trust and work with one another
Developers, testers, security specialists and ops staff need to work together in order to be successful. It's not news that there has been a culture of inefficiency and miscommunication between developer and operations teams. The report found that even though DevOps culture removes many of the barriers between these two departments, 72 percent of respondents still agree that different teams and disciplines within IT are still too reluctant to trust and work with one another.
The bottomline is that in order to prevent software exposure throughout the development lifecycle, it is essential that we first work to resolve the issue of ownership and responsibility, helping to unite employees of diverse skill levels and experiences igniting a sense of mutual trust and respect.
Industry News
January 23, 2025
January 23, 2025
Sonar announced the release of its latest Long-Term Active (LTA) version, SonarQube Server 2025 Release 1 (2025.1).
January 23, 2025
Idera announced the launch of Sembi, a multi-brand entity created to unify its premier software quality and security solutions under a single umbrella.
January 22, 2025
Postman announced the Postman AI Agent Builder, a suite empowering developers to quickly design, test, and deploy intelligent agents by combining LLMs, APIs, and workflows into a unified solution.
January 22, 2025
The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, announced the graduation of CubeFS.
January 21, 2025
BrowserStack and Bitrise announced a strategic partnership to revolutionize mobile app quality assurance.
January 16, 2025
Mendix, a Siemens business, announced the general availability of Mendix 10.18.
January 16, 2025
Red Hat announced the general availability of Red Hat OpenShift Virtualization Engine, a new edition of Red Hat OpenShift that provides a dedicated way for organizations to access the proven virtualization functionality already available within Red Hat OpenShift.
January 16, 2025
Contrast Security announced the release of Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR).
January 15, 2025
Red Hat announced the general availability of Red Hat Connectivity Link, a hybrid multicloud application connectivity solution that provides a modern approach to connecting disparate applications and infrastructure.
January 15, 2025
Appfire announced 7pace Timetracker for Jira is live in the Atlassian Marketplace.
January 14, 2025
SmartBear announced the availability of SmartBear API Hub featuring HaloAI, an advanced AI-driven capability being introduced across SmartBear's product portfolio, and SmartBear Insight Hub.
January 14, 2025
Azul announced that the integrated risk management practices for its OpenJDK solutions fully support the stability, resilience and integrity requirements in meeting the European Union’s Digital Operational Resilience Act (DORA) provisions.
January 14, 2025
OpsVerse announced a significantly enhanced DevOps copilot, Aiden 2.0.
