App Security Worries CISOs, but Most Fail to Adopt Secure Development
A survey on security workforce trends finds that security professionals' top worry is bugs in applications, but that concern is not translating into secure development practices.
Application vulnerabilities and malware continue to top security professionals' list of worries, but the concerns have not translated into adopting secure development practices, a step shown to improve application security and catch software bugs earlier.
Seventy-two percent of the nearly 14,000 chief information security officers (CISOs) and other security professionals surveyed indicated that application vulnerabilities were a top concern, according to the biennial Global Information Security Workforce Study published by the International Information Systems Security Certification Consortium (ISC)2. Yet only 24 percent of security practitioners say their companies always scan for bugs during the code development process, with another 46 percent sometimes searching for bugs during development.
The difference between security professionals' concerns and corporate practices underscores the importance of teaching companies to value secure development, said David Shearer, executive director of (ISC)2. "The bottom line is there is a tension between delivery [of software] and keeping a schedule, and doing that extra work required to build application security in at the coding stage—there is a tension there," he said.
The (ISC)2 Global Information Security Workforce Study, prepared by Frost & Sullivan, predicts that a drastic shortage in cyber-security professionals will have a significant impact on a variety of information security functions. The 2015 survey found that 62 percent of respondents felt their companies do not have enough information security professionals, an increase over the 56 percent who felt a shortfall in the 2013 study.