WhiteSource Finds Developers Eye Speed at Expense of Security
October 6, 2020
AppSec tools are purchased to 'check the box', disregarding developers' needs and processes, resulting in tools being purchased but not used
Developers don't fully use the tools purchased by the security team. The more the mature an organization is in terms of its DevSecOps practices, the more AppSec tools they use
There is a significant "AppSec knowledge and skills gaps" challenge that
is largely neglected by organizations
Security professionals' top challenge is prioritization, but organizations lack the standardized processes to streamline vulnerability prioritization
"Survey results show that while most security professionals and developers believe that their organizations are in the process of adopting DevSecOps, most organizations still have a way to go, especially when it comes to breaking down the silos separating development at security teams," said Rami Sass, CEO and co-founder of WhiteSource. "Full DevSecOps maturity requires organizations to implement DevSecOps across the board. Processes, tools, and culture need to evolve in order to break down the traditional silos and ensure that all teams share ownership of both security and agility."