The Culture Connection Gets Real: Secure Software Development Requires a New Mindset
January 24, 2018

Ayman Sayed
CA Technologies

Today’s digital economy is fueled by software. When software is developed with security integrated from the start — a practice and approach commonly known as DevSecOps — the risk of data breaches is greatly diminished, providing users with heightened levels of confidence and trust when engaging with applications and services that are so ubiquitous in our online world.

According to a new survey from CA Technologies — Integrating Security into the DNA of Your Software Lifecycle — the majority of respondents confirmed that software development supports growth and expansion, helps businesses compete and drives digital transformation. And yet, the findings show that, as software becomes more critical to business success in the digital economy, security concerns are exponentially on the rise.

In fact, 74 percent of respondents agreed that security threats due to software and code issues are a growing concern. CA Veracode’s State of Software Security Report 2017 found that vulnerabilities continue to crop up in previously untested software at alarming rates, with 77 percent of apps having at least one vulnerability on initial scan.

Creating a culture of secure software development is a major challenge, according to the survey findings. An overwhelming 58 percent of respondents cited existing culture and lack of skills as hurdles to being able to embed security testing and evaluation within software development processes. Only 24 percent strongly agreed that the organization’s culture and practices supported collaboration across development, operations and security. On top of cultural limitations, less than a quarter of respondents strongly agreed that senior management would sacrifice time to market in order to have sufficient time to assess and repair software security vulnerabilities.

Security is a key principle in any Modern Software Factory. While our survey findings confirm an overarching recognition of the importance of ensuring that data and systems are built and maintained securely, there is still a lack of cultural adoption within organizations around this pressing issue. When coupled with security, Intelligent IT – the use of AI, machine learning and analytics to make better, more informed decisions – can dramatically change the way that business is done.

The report showcases characteristics of “Software Security Masters” (the top 34 percent of respondents), which are organizations that have been able to fully integrate security into their software development lifecycles. This includes conducting early and continuous application testing for security vulnerabilities, as well as embracing the practice of DevSecOps.

In fact, when compared with the mainstream, respondents from the Software Security Masters were over two times more likely to strongly agree that they viewed security as an enabler of new business opportunities. These organizations also exhibited the following attributes:

■ 50 percent higher profit growth

■ 40 percent higher revenue growth

■ Are 2.6x more likely to have security testing keep up with frequent app updates

■ Are 2.5x more likely to be outpacing their competitors

The organizations labeled as Software Security Masters are the beacons of hope in today's digital economy. Not only do they exemplify and represent the cultural mindset necessary to adapt and thrive in today's dynamic market, they are influencing change within the industry while shaping the workplace of the future.

Survey Methodology: The global online survey of 1,279 senior IT and business executives was sponsored by CA Technologies and conducted by industry analyst firm Freeform Dynamics in July 2017. It was augmented by in-depth telephone interviews with key industry executives.

Ayman Sayed is President and Chief Product Officer at CA Technologies