On the heels of the RSA Asia Pacific and Japan conference that took place last week, there was one common theme that Checkmarx captured while speaking with visitors at their stand: embedding security throughout an organization's DevOps ecosystem is viewed as a difficult barrier to overcome. Visitors to our booth who work in the field of Application Security (AppSec) were asked to participate in a short survey concerning the Top Key Concerns (or Difficulties) they're experiencing when trying to add more security within their own software development environments. In the survey, participants had the option of ranking their first and second Top Key Concerns from the list of four shown below:
- I CANNOT KEEP PACE WITH ENGINEERING
- I CANNOT GET DEVELOPERS TO BUY IN
- I’M OVERWHELMED, THERE IS WAY TOO MUCH UNPRIORITIZED INFORMATION
- WHERE DO I EVEN START
From the 126 visitors who filled out the survey pertaining to the list above, here’s how respondents ranked their Top Four Key Concerns:
- #1 – I’M OVERWHELMED, THERE IS WAY TOO MUCH UNPRIORITIZED INFORMATION
  - 40 percent selected this option as their Top Key Concern.
- #2 – I CANNOT GET DEVELOPERS TO BUY IN
  - 24 percent selected this option.
- #3 – WHERE DO I EVEN START
  - 19 percent selected this option.
- #4 – I CANNOT KEEP PACE WITH ENGINEERING
  - 17 percent selected this option.
- Static Application Security Testing (SAST)
- Interactive Application Security Testing (IAST)
- Software Composition Analysis (Open Source Analysis – OSA)
- Secure Coding Education (Codebashing)