Categories
Community

Where does Security sit in Early-Stage Software Development: the Shift Left Approach

The average cost of a security breach in a hybrid cloud environment is estimated at a staggering $3.6 million making it critical for organisations to make software security one of the most important priorities.

Cisco’s most recent report, based on the findings from two SlashData global surveys that targeted enterprise developers, uncovers developers’ exposure to API security exploits, their outlook on security, and how they use automation tools to detect and remediate threats. Here is a detailed preview of the report:

  1. Enterprise developers focus on prioritising security from the early stages of development

There is a significant rise in security threats; in fact, 58% of enterprise developers have had to tackle at least one API exploit in the past year alone. And to make matters worse, nearly half of them have experienced multiple API exploits during that time.

As modern applications increasingly rely on microservices, securing the APIs that connect these services becomes even more crucial. It is also true that juggling multiple APIs can make staying on top of security challenging. That’s why it’s essential to prioritise security from the very beginning of development to avoid wasting time and effort on reworking code and dealing with exploits later on.

Obviously, breaches should be ideally prevented. But if they do occur, organisations must be set up to act swiftly. According to the report, ,only one-third of enterprise developers can resolve API exploits within one day of a breach.

Security in Early-Stage Software

By treating security as a top priority from the start of the development lifecycle, organisations can increase preparedness and avoid costly mistakes down the road.

2. What is the right time to address security concerns?

Shift-left security is all about strategically placing security at the forefront. The cost savings from addressing security concerns early in the development process can be significant compared to dealing with security issues during deployment or after a security breach. In fact, according to the data, many organisations are already putting significant effort into identifying security vulnerabilities during the early stages of development, and as a result, have implemented additional security measures.

How do enterprise developers address security?

Security in Early-Stage Software

3. Relying on automations can account for faster, and frictionless operations

During the surveys, developers were asked whether they use automated approaches to security, such as scanning tools or automated fixes. 

The most likely group of developers to adopt automated security approaches are key decision-makers and team leads who influence, manage, or set the strategy for their teams’ purchase initiatives (90%). 

This probably indicates that many developers still don’t use automation tools for security. However, it’s important for developers to use the best tools when it comes to the production of secure code.

Security in Early-Stage Software

While more than half of enterprise developers are already shifting left, less experienced developers are still behind. Automation appears to be core to the shift-left approach, with two-thirds of developers using automated security tools. 

Nevertheless, automation is not favoured by developers who wish to acquire more experience. This highlights a need for balancing the need for learning with the importance of using the best security tools available.The organisations that are set up to go that way are very likely to reap the fruit of shift-left security.  

Categories
Community

Cheat Sheet – Developers, unite! Have your voice heard.

This is a cheat sheet focusing on the Developer Nation 23rd survey wave, giving you all the key details to make the most out of your experience:

What
11+ years of surveying developers.
The Developer Nation survey has been measuring the preferences, needs and wants of developers for more than 11 years. It’s a dynamic survey where each participating survey taker will have a unique path, based on their own background and experience. 

When
The Developer Nation Community will be launching its 23rd survey wave on June 2 in English. On June 9, the survey will be available in all other languages: Spanish, Portuguese, Chinese Traditional + Simplified, Korean, Russian and Japanese.

Who is it for
Developer Nation is borderless! Everyone’s welcome! 
The Developer Nation survey is global and open to all. In the previous edition, more than 20,000 developers and creators of all levels – from students to hobbyists and seasoned professionals – from 160+ countries, shared their views. 

We want to hear your opinion if you see yourself as a developer, software engineer or tech creator involved in Web, Mobile, Desktop, Cloud, DevOps, Industrial IoT & Consumer Electronics, AR/VR, Apps/extensions for 3rd party ecosystems, Games, Machine Learning & AI, and Data Science.

If you nodded at any of the above areas or descriptions, this survey is for you. Keep reading for the benefits of participating or start now.

Why participate
There are several benefits for those who take the survey. Some of these are:

Prizes
By participating, developers can win amazing prizes and unlock more as they proceed, including a complimentary virtual goody bag packed with free resources. 

Premium access to information
Understanding the trends can be paramount to developers’ next career move. We share the results, data and ecosystem insights with the participants and tech organisations who use the data to improve their developer offerings. 

Giving back and helping others
For each qualified survey response, we will donate USD $0.10 to a charity of your choice. Our goal is to reach USD $1,800+ in donations. Take the survey, pick a charity to support, and help us make a difference.

What’s different this time
Every wave is a new opportunity to give developers what they want. Here’s the latest benefits we introduce in this 23rd wave:

  • Weekly prize draws, including everyone who signs up to take the survey.
  • Special Prizes to be drawn for everyone taking the survey in the first 48 hours (2 winners: Nintendo Switch & iPhone 13).
  • A new way to reward participants: the more questions you answer the more chances you get to win. A participant’s name will be included multiple times in draws depending on the number of questions answered. 
  • Prizes include: Nintendo Switch, iPhone 13, Xiaomi RedMi 11, Samsung Galaxy S22, Amazon Echo Dot 4th Gen, Premium Subscriptions and Licences, Vouchers for online courses and tutorials, Gift cards and vouchers for Amazon, Spotify, Apple Store, Google Play, cash to fund your development projects or towards the gear you need up to $1,000 USD and many more prizes drawn every week.
  • Everyone who completes the survey will receive a virtual goody bag filled with free subscriptions, discounts and vouchers. 

You read this far, which should mean you’re interested. Why not start the survey and share your views on key topics only developers can understand? If you’re short of time, you can save your progress and continue later (you’ll need to sign up to save). 

Are you creating for AR/VR?
There is an additional, exclusive, survey dedicated to Augmented, Virtual and Mixed Reality creators, with the same benefits. AR/VR creators can share their reality views using this link.