The new year is traditionally a time to make resolutions and form good habits. It’s an opportunity that many of us take in both our professional and personal lives to adopt better practices and principles and embrace new ways of thinking.
More often than not, these resolutions fail within weeks – in fact, according to research, Jan 19th is the day that most resolutions are abandoned – and sometimes the lack of focus or commitment to resolutions can be a result of insufficient knowledge, education or support to drive long-lasting behavioral change.
If we look at the software development industry as an example, development teams are under significant pressure to bring new applications and services to market more quickly than ever before. However, nearly every application has at least one vulnerability or misconfiguration that affects security.
Vulnerabilities are rising year on year, and 90-95% of data breaches are due to web application vulnerabilities, according to Verizon’s 2021 DBIR. To combat this trend, we believe that development teams need a new year’s resolution to start understanding security principles and prioritizing coding securely as a long-lasting habit.
While there is no doubt that most developers, and indeed all roles within the software development lifecycle (SDLC), strive to master their trade, they may not have the in-depth understanding and knowledge of application security they need to help address the current application security dilemma. For instance, we know that developers are unlikely to get this education in their computer science degrees: none of the top 50 in the U.S. have mandatory secure coding courses.
At Security Journey, it is our mission to make coding securely a more lasting and ingrained habit. Through continuous application security education programs, we can instill a security-first mindset and ensure that, as part of ‘secure habits’, security is baked into any app development from the beginning, thereby reducing vulnerabilities.
Secure habits will differ for everyone in the SDLC given the varied roles and responsibilities, from developers to those in Product Management, Quality Assurance, and Project Management, and also the different levels of experience that exist within all these roles.
For example, secure habits are beneficial for any developer at the start of their secure coding journey, as they provide foundational practices that are then supported with programmatic training. However, they are also crucial for those further along in their career, who can apply the concepts they’ve learned to their everyday software development.
Some suggestions for different areas of the SDLC include:
The future of application development can be secure with continuous focus and efforts made to ensure everyone practices secure habits. This goal can be supported by programmatic education and awareness to change habits and ensure better cyber hygiene.
But it’s only possible if organizations are determined to accomplish their new year’s resolution by prioritizing secure coding training and making it a “secure habit”.