There are still obstacles that development and security teams must overcome when it comes to securing applications.
There are still obstacles that development and security teams must overcome when it comes to securing applications.

More than half (52 percent) of developers feel application security testing often delays development and threatens deadlines.

New research from Veracode underscores the importance of developer-led security in the age of DevOps, and shows that businesses are recognising how important security applications are in this day and age.

However, there are still obstacles that development and security teams must overcome when it comes to securing applications.

A total of 351 developers from the UK, US and Germany were polled. Additionally, 151 development operations managers from the same countries completed the survey. All respondents came from a wide range of industries including finance, architecture and engineering, education, healthcare and manufacturing.

Forty percent of developers are incorporating security testing during the programming stage, and 21 percent identify the design stage as the point at which security testing is completed.

When it comes to application security, 25 percent of developers feel they have authority over decisions regarding it.

Fifty-two percent of developers and managers cited sensitive data exposure as their top concern. In Germany and the UK, 40 percent of developers and 38 percent of managers said stopping cyber-attacks and breaches was their top concern. Meanwhile in the US, 42 percent of managers and 34 percent of developers listed this as their top concern.

In Germany and the UK, 26 percent of managers said meeting budget and delivery schedules was their top concern, as opposed to just 18 percent of managers in the US.

Developers and managers in healthcare stated meeting customer and regulatory compliance was their top concern.

Eleven percent of financial services and 16 percent of manufacturers said they incorporated security later on in the development cycle.

“In an age where continuous deployment and frequent innovation is critical to the success of business, it is unacceptable for security testing to hinder development efforts. As DevOps environments become a standard method of developing software, the industry has an opportunity to continuously improve the way it integrates security into the development process,” said Tim Jarrett, director of security at Veracode.