Empowering Developers to Write Secure Code WP
Economic growth today is largely based on digital technology, which means that every major business has become a software company in some form. With 23 million software developers around the world today [1], software developers are now the primary architects underpinning the success of many public and private organizations. Within this environment, many development teams have moved from a niche corner of their organization right into the ‘hot seat’. They are challenged to rapidly translate business needs into competitive applications that are convenient, trustworthy, and secure. ‘Convenient, trustworthy and secure’ are easy words to write on a page, but infinitely more challenging to deliver, especially when there are 111 billion lines of code written every year [2]. In 2018, software security continues to be a major challenge, with the threat and reality of breaches growing every day. In line with many other reports, Verizon’s 2018 Data Breach Investigations Report found that 21 percent of data breaches today are caused by web application vulnerabilities, a finding that has been consistent over the past decade.
Despite ever-increasing application security budgets, testing platforms, tools and penetration tests, the number of successful cyber-attacks keeps rising. According to an Akamai report, attacks on web applications increased by 69 percent from Q3 2016 to Q3 2017 [4]. Further to this, the same security errors are routinely found in software day after day, year after year, and the threats are expanding as a result. According to Veracode’s recent report based on 400,000 application scans in 2017, applications passed OWASP Top 10 policy only 30% of the time, and this has been consistent for the past five years [5]. Astonishingly, SQL injections appeared in almost one in three newly scanned applications over the past 5 years, including last year.
The time has come to evolve developer software security training to be a constant and positive part of their everyday working routine. Writing great software means it must be secure. Improving secure coding skills and outcomes will add a powerful layer of cyber protection for organizations, and will help them write better, faster code. Developers don’t need to become security experts, but they must be empowered to be the first line of defense for their organization.