Source: thenewstack.io
Culture, Vulnerabilities and Budget: Why Devs and AppSec DisagreeCategory: Security
Developers and security professionals are often in conflict, and this state of affairs is not going to change anytime soon, in this author’s opinion. The difference in opinion is not because of DevSecOps has taken hold among developers — adoption is almost the same among both respondent categories. Almost half (48%) of developers have bought into the idea that their organization is actively working to help developers and security teams work together.
Whether or not developers are actually pushing a lot of serious vulnerabilities up for debate, but their self-perception is incredibly different from that of their AppSec peers — only 27% of developers say code is frequently being published with known vulnerabilities, compared to the 57% of application security specialists that estimate likewise.
Two-thirds (67%) of AppSec respondents think the security team is ultimately responsible for the security of applications as compared to only 39% of developers.
Whether or not developers are actually pushing a lot of serious vulnerabilities up for debate, but their self-perception is incredibly different from that of their AppSec peers — only 27% of developers say code is frequently being published with known vulnerabilities, compared to the 57% of application security specialists that estimate likewise.
Two-thirds (67%) of AppSec respondents think the security team is ultimately responsible for the security of applications as compared to only 39% of developers.
Related Articles
Community Partners
DevOps Careers