LambdaTest announced the launch of the HyperExecute MCP Server, an enhancement to its AI-native test orchestration platform, HyperExecute.
Security Teams and Software Developers Join Forces to Pursue Better Security
July 14, 2017
Despite the pervasive belief that security and development teams have conflicting priorities, initiatives such as creating DevOps environments and focusing on product innovation have the two teams aligned toward a common goal of creating secure software, according to a new study from Veracode, CA Technologies application security business.
Download Full Report Here(link is external)
In fact, according to the research, which was conducted in conjunction with Enterprise Strategy Group (ESG), 58 percent of survey respondents stated their organization is taking a collaborative approach to securing applications.
Growing Need for DevSecOps
The research aims to determine security and development professionals' views of application security and software development trends. Among respondents reporting their organization currently uses application security solutions like static application security testing, 43 percent report their organization does so because including application security in the development process is more efficient than reactively patching production systems.
Interestingly, 45 percent of respondents whose organization has adopted formal DevOps principles and best practices indicate DevOps makes the software development team's job easier, and only eight percent feel adding application security into the development process would slow down a DevOps environment. This is contrary to the common perception that a focus on security will slow down software development.
"Software continues to be the major driver of innovation and economic growth. Eliminating perception that there is friction between security and development is a priority for IT professionals," said Pete Chestna, Director of Developer Engagement, Veracode. "The positive perception of how security and DevOps can align, as indicated by this research, shows that development teams can and should consider security an integral part of their process."
This development could not come at a better time for businesses, as attacks leveraging software vulnerabilities are increasingly common and damaging. The WannaCry ransomware attack is the most recent example, exploiting a vulnerability in an older version of the Microsoft Windows operating system. While Microsoft had issued a patch for the vulnerability, thousands of organizations had not implemented the fix and became infected by WannaCry.
The research also indicates showed that nearly 70 percent of respondents plan to increase Application Security investments in the next 12 to 24 months. This increased investment further validates the growing importance of Application Security in the development process.
DevOps Influencing Technology Requirements
The research points to the need for application security to become an integrated part of the DevOps process – the combination increasingly known as DevSecOps – and that this need is both recognized and accepted. The data also highlights the technology requirements necessary to make DevSecOps a reality.
Tool complexity and the inability to integrate application security into the DevOps workflow are major obstacles to organizations deploying these tools effectively. In fact, the ability to integrate static software testing and software lifecycle tools (42 percent) and the ability to integrate dynamic software testing and software lifecycle tools (34 percent) into the application development and DevOps processes was the most cited consideration when evaluating static and dynamic application security testing products and services respectively.
"Contemporary application development methodologies such as DevOps foster communication and collaboration between the application development, operations and security teams with the goal of identifying and fixing vulnerabilities as early as possible to increase efficiency and enhance security," said Doug Cahill, Senior Analyst at ESG. "The increased adoption of DevOps combined with the eagerness to integrate and automate security testing throughout the entire software lifecycle indicates a shift towards DevSecOps, which means thinking of secure code as an element of creating quality code."
Methodology: The study, commissioned by Veracode and conducted by ESG, surveyed 400 IT professionals in the US, UK and Germany.
Industry News
April 14, 2025
Cloudflare announced Workers VPC and Workers VPC Private Link, new solutions that enable developers to build secure, global cross-cloud applications on Cloudflare Workers.
April 14, 2025
Nutrient announced a significant expansion of its cloud-based services, as well as a series of updates to its SDK products, aimed at enhancing the developer experience by allowing developers to build, scale, and innovate with less friction.
April 10, 2025
Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
April 10, 2025
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
April 10, 2025
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
April 09, 2025
Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
April 09, 2025
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
April 09, 2025
Akamai Technologies introduced App & API Protector Hybrid.
April 09, 2025
Veracode has been granted a United States patent for its generative artificial intelligence security tool, Veracode Fix.
April 09, 2025
Zesty announced that its automated Kubernetes optimization platform, Kompass, now includes full pod scaling capabilities, with the addition of Vertical Pod Autoscaler (VPA) alongside the existing Horizontal Pod Autoscaler (HPA).
April 08, 2025
Check Point® Software Technologies Ltd.(link is external) has emerged as a leading player in Attack Surface Management (ASM) with its acquisition of Cyberint, as highlighted in the recent GigaOm Radar report.
April 08, 2025
GitHub announced the general availability of security campaigns with Copilot Autofix to help security and developer teams rapidly reduce security debt across their entire codebase.
April 08, 2025
DX and Spotify announced a partnership to help engineering organizations achieve higher returns on investment and business impact from their Spotify Portal for Backstage implementation.
April 07, 2025
Appfire announced its launch of the Appfire Cloud Advantage Alliance.
