In 2023, the White House, CISA, the SEC, and the PCI Security Standards Council increased their regulation and governance of software security.
This study, conducted independently by the Ponemon Institute and sponsored and published by Security Journey, aimed to understand the state of secure coding training and provide insights into how organizations are attempting to improve software security in the face of increasing regulatory pressure.
The research reveals that organizations are still prioritizing speed to market over security, going to production with vulnerabilities and doing secure coding training only to check the regulatory box instead of focusing on educating teams on handling a broader landscape of threats.
A few highlights from the report:
- Only 20% of respondents were confident in their ability to detect a vulnerability before an application is released
- Over 60% struggle to remediate vulnerabilities effectively
- 50% fail to test the security of their applications after they have been released.
- 47% of organizations are blaming these challenges of remediating vulnerabilities in production on a lack of qualified personnel