2024 Study on How Secure Coding Training Impacts Regulatory Compliance

Presented by

Amy Baker, CMO, Security Journey

About this talk

In 2023, the White House, CISA, the SEC, and the PCI Security Standards Council increased their regulation and governance of software security. This study, conducted independently by the Ponemon Institute and sponsored and published by Security Journey, aimed to understand the state of secure coding training and provide insights into how organizations are attempting to improve software security in the face of increasing regulatory pressure. The research reveals that organizations are still prioritizing speed to market over security, going to production with vulnerabilities and doing secure coding training only to check the regulatory box instead of focusing on educating teams on handling a broader landscape of threats.

A few highlights from the report:

- Only 20% of respondents were confident in their ability to detect a vulnerability before an application is released
- Over 60% struggle to remediate vulnerabilities effectively
- 50% fail to test the security of their applications after they have been released
- 47% of organizations are blaming these challenges of remediating vulnerabilities in production on a lack of qualified personnel

Security Journey offers robust application security education tools to help developers and the entire SDLC team recognize and understand vulnerabilities and threats and proactively mitigate these risks. The knowledge learners acquire in our programs goes beyond helping learners code more securely – it turns everyone in the SDLC into security champions.