
Ponemon & Security Innovation Research: Our Vulnerable State of Application Security Maturity

by Jason Taylor on October 3, 2013

Part 3 of 5 - The Need for More Educated Development Teams


Despite the rapid change of technology and the rise of new platforms such as cloud and mobile, the majority of organizations do not have a formal application security training program in place. Knowledge and skills are fundamental to software assurance - without a thorough understanding and grounding in the principles, vernacular, tools, and practices for software security, your development team’s effectiveness will be limited and you won’t see the kinds of results you are expecting.

  • More than 80% of technical staff report their organizations are not updating training and education programs for their development teams
  • Between 66% and 71% of executives and directors think that they are updating internal training programs – and this is the group that approves budget spend

There are two primary reasons for insecure code: lack of developer training and failure to prioritize security. When developers lack know-how, they may know that security is a requirement, but they don’t know how to write secure code. They may also lack a process that emphasizes the importance of secure code and catches vulnerabilities that make their way into the system. When a team fails to prioritize security, the development team may not be given the time and resources necessary to write secure code.

Security requires a focused investment in developer education, secure coding processes, and scheduled time to create a secure architecture and apply secure coding standards. Keep in mind that each role on your development team, and each technology in use, has different training needs. For example, mature organizations recognize that implementing standards is effective and use them regularly to:

  • Conduct audits and assessments to understand the threats against their organization
  • Improve security, architecture and coding standards

Skill development follows interest and motivation. Tools and services are wanted, but they are only used if they are felt to be of value, which requires training on how to focus on hot spots, interpret the results, and, most important, remediate the vulnerabilities found. Development teams will also be motivated if they understand how training can help them be more effective and efficient and do their jobs better; it is not a tax, but an enabler.

Topics: application security, cybersecurity news
