Security teams and developers are more aligned and capable of taking a collaborative approach than many in the industry believe, according to a new study from Veracode.
The application security vendor, recently acquired by CA Technologies, polled 400 IT professionals in the UK, US and Germany to better understand the relationship between the two functions.
There’s a common perception that developers and security professionals are fundamentally at odds: the former prioritizing features and time-to-market and the latter focused on producing the most secure products possible.
However, 58% of respondents to the survey claimed they take a collaborative approach to securing applications.
What’s more, over two-fifths (43%) said they apply application security during the development process, noting that this is more effective than being forced to patch vulnerabilities retrospectively in apps that have already shipped with them.
DevOps is seen as key to bringing together both teams, with nearly half of respondents (45%) claiming DevOps makes the software development team’s job easier, and just 8% saying app security slows the development process down.
As a result, almost 70% said they will increase their use of application security tools over the next 1-2 years.
However, there’s still some work to do. Integrating static (42%) and dynamic (34%) software testing and lifecycle tools into app development and DevOps processes was the most frequently cited consideration relating to these tools.
“Contemporary application development methodologies such as DevOps foster communication and collaboration between the application development, operations and security teams with the goal of identifying and fixing vulnerabilities as early as possible to increase efficiency and enhance security,” said Doug Cahill, senior analyst at Enterprise Strategy Group, which carried out the research.
“The increased adoption of DevOps combined with the eagerness to integrate and automate security testing throughout the entire software lifecycle indicates a shift towards DevSecOps, which means thinking of secure code as an element of creating quality code.”