“Shift left” has become the holy grail for security teams today, but organizations are still struggling to successfully implement some of the key processes that shifting security left entails.
A new study sponsored by Snyk and conducted by Enterprise Strategy Group (ESG) has found that while developers are indeed being given more responsibility for testing their applications for security issues, they simply don’t have the knowledge or the right set of tools to do so.
The report elaborates on reasons why:
Developers struggle to mitigate issues: 29% of respondents claimed that their development teams simply lack the knowledge to mitigate issues identified
Existing tools hindering development: 26% of respondents felt that their existing testing tools added friction and slowed down development cycles
Poor adoption of existing tools by developers: 24% complained that their developers were simply not effectively utilizing the testing tools they have invested in
Lacking integrations challenging organizations: 23% stated that their tools simply don’t integrate well with development and DevOps tools
Developer security training lacking: Only 15% say that all their developers are participating in formal security training
Evangelos Deirmentzoglou, Interim Head of Security