Now more than ever, organizations need to enable their
development teams to build and grow their security skills. Today
organizations face a threat landscape where individuals,
well-financed syndicates, and state actors are actively trying to
exploit errors in software. Yet, according to recent global
research, 67% of developers that were interviewed said they were
still shipping code they knew contained vulnerabilities.
Helping your development teams progress to achieve security
maturity is possible, and ultimately beneficial. It will help
ensure secure software development at every stage of the software
development lifecycle.
But how can you help your development teams reach security
maturity?
We dug deep and leveraged insights from over 400 of our
customers to identify traits and behaviors that occur when a
development team increases its security maturity. Here we share two
of them:
#1: A deep understanding of your gaps
Before creating any maturity program, we first need to
understand the development team itself. What is its existing
maturity level? What vulnerabilities do they struggle with? What
are the coding languages they use? Only once you have the answers
to these types of questions can an organization know what to
prioritize in a development team maturity program.
Our research found that several of the organizations interviewed
were able to obtain answers to these questions by hosting Secure Code Warrior tournaments.[1] In these tournaments,
developers are presented with a series of coding challenges and
missions and then compete against each other to identify, locate
and fix vulnerabilities. A tournament provides management with
insights into what vulnerabilities developers are struggling with
and, therefore, what a maturity program can focus on addressing
first.
#2: Create a plan to succeed
Building development team security maturity cannot be a
once-off, check-the-box approach but should be understood as a
continuous cycle of improvement. Successful programs have included
realistic goals for the individual developer and the entire team.
Having goals keeps developers engaged in the maturity program by
giving them a sense of achievement. Some organizations have found
that leaderboards, rewards for achievements, or more exciting
projects for mature development teams are great incentives.
Building development team security maturity
By having a deep understanding of your team’s security maturity
gaps and by creating a plan all parties support, you are well on
your way to formulating a successful maturity program. The rewards
are well worth the effort.
As an organization, you will:
- Enable every developer to release secure code and fix code faster
- Minimize risk by reducing recurring vulnerabilities
- Ensure compliance while improving software development at the speed
- Improve productivity by significantly reducing the amount of time on rework and security tickets
- Allow senior leaders to focus on critical strategic efforts due to greater efficiency and fewer wasted resources.
LEARN from hundreds of development teams who are successfully
increasing their security maturity: The importance of security maturity for
development teams (Whitepaper).[2]
References
- [1] Secure Code Warrior tournaments. (www.securecodewarrior.com)
- [2] The importance of security maturity for development teams (Whitepaper). (www.securecodewarrior.com)
Read more https://thehackernews.com/2022/08/two-key-ways-development-teams-can.html