Dev-Sec convergence: New research details progress and challenges on the road to secure innovation

Invicti Security’s Fall 2021 AppSec Indicator report reveals where organizations make security trade-offs in the push to innovate; explores the promise of automation and integration

Austin, TX, October 26, 2021 at 9am EDT – Nearly all organizations are increasing their investment in application security this year, but they continue to struggle to fully embrace secure innovation. A new market study released today by Invicti Security™, Application Security and the Innovation Imperative, examines how companies are contending with the strategic need to innovate and the existential risk posed by cyber threats. Conducted in partnership with Wakefield Research, the report is based on a survey of 600 executives and hands-on-keyboard practitioners across security, development and DevOps. Respondents spanned more than 20 industries including manufacturing, technology, government, retail, and education. The findings reveal both encouraging trends and continued challenges:

• Tight timelines and innovation pressures for those on the front lines mean skipped security steps. And, integration is still a work in progress: 70% of respondents “frequently” or “always” complete projects without carrying out all security steps. Additionally, integration into the software development life cycle (SDLC) is lacking, with only 20% reporting they have fully shifted left and another third in the “messy middle.” The repercussions of this are clear, with one in three issues under remediation making it to production without being caught in the dev or test stages.
• Dev and sec are collectively stressed out, but the animosity between the two groups has been exaggerated: An eye-popping 78% of dev and sec respondents suffered increased stress levels this year and 73% actually considered quitting their job because of this stress. Despite the well-known reputation for friction between the two groups, 76% feel they have a shared passion for security and work as one team that often collaborates to address security issues. This compares with only 17% who classified the relationship as “frenemies” and 7% “strangers.”
• Underpowered tools and manual processes impede efficiency, but practitioners know what it will take to address the problem. It would take a whopping two weeks per team member on average to address their organization’s current backlog of security issues — and that’s if they don't work on anything else. Adding to this, 78% say they are forced to perform manual verification of vulnerabilities always or frequently. False positives no doubt play a role in this: 96% report they are problematic at their organization, and 39% say they increase friction between dev and sec. But these teams know what it will take to dig out of the mess: increased automation (60%) and more integrations (99%).

“While there is a growing recognition that security must be a core element of innovation, organizations continue to struggle to achieve that vision,” said Mark Ralls, President & COO of Invicti. “It’s on leaders to set the tone from the top down and drive culture shifts that increase emphasis on security while equipping teams with the powerful tools and workflows they need to make secure innovation a reality.” Click here to access the full research report and here for the infographic reflecting the top five themes for leaders uncovered as a result of the analysis. Delivering innovative AppSec solutions since 2005, Invicti has protected more than 800,000 websites for over 3,100 customers globally. For the first time, Invicti was included this year in the 2021 Gartner Magic Quadrant for Application Security Testing. The company has also recently been recognized by G2 as a Momentum Leader for its Acunetix and Netsparker products, won two Cyber Defense Global InfoSec Awards this year, and is also the recipient of a 2021 Globee Award for Cyber Security Global Excellence.

About Invicti Security

Invicti Security is changing the way web applications are secured. A global leader in web application security for more than 15 years, Invicti provides dynamic and interactive application security products to help organizations in every industry scale their overall security operations, make the best use of their security resources, and engage developers to improve their overall security posture. Invicti’s product Netsparker delivers industry-leading enterprise web application security, while Acunetix is designed for small and medium-sized companies. Invicti is headquartered in Austin, Texas and serves organizations all over the world. Media Contact: Anya Nelson Scratch Marketing + Media for Invicti Security anyan@scratchmm.com This press release was originally published on PR Newswire.