A recent survey by Contrast Security found that many applications have 10 or more vulnerabilities, while developers report a lack of application security in their current companies. It also revealed that almost 50% of application security tools are not integrated into CI/CD pipelines.
Although DevSecOps practices will not be implemented in most organizations for a while, the threats and disruptions caused by these vulnerabilities remain high. Indeed, 88% of developers stated that they needed to stop development to fix vulnerabilities at least once a week, whereas 80% reported wasting time trying to diagnose application security alerts. Moreover, finding highly skilled app security experts remains a challenge.
Hence, it seems essential to have more application security training in place. In time, DevSecOps will need an observability platform to capture metrics that are helpful to developers.
Having a good security platform is challenging because application data flows in and out of disparate systems running in cloud and on-premises IT environments. IT security teams are thus required to navigate many application programming interfaces (APIs) with varying degrees of dependency to know exactly what is happening in their IT environments.
It will soon become vital to have efficient security applications. Even though DevSecOps needs time to really grow in importance, there is a pressing need for more cybersecurity tools in application development.