A Study on Secure Coding Training

2023 was a year of software security regulation and governance. In 2024, we expect cybersecurity regulations to become even more stringent as they remain a key focus area for industry organizations and governing bodies.

Is Regulation the Consequence of Complacency in Securing Code?

In 2023, the White House, CISA, the SEC, and the PCI Security Standards Council increased their regulation and governance of software security.
 
This study, conducted independently by Ponemon Institute and sponsored and published by Security Journey, aimed to understand the state of secure coding training and provide insights into how organizations are attempting to improve software security in the face of increasing regulatory pressure.
 
The research reveals that organizations are still prioritizing speed to market over security, going to production with vulnerabilities and doing secure coding training only to check the regulatory box instead of focusing on educating teams on handling a broader landscape of threats.
 
A few highlights from the report:
 
  • Only 20% of respondents were confident in their ability to detect a vulnerability before an application is released.
  • Over 60% struggle to remediate vulnerabilities effectively.
  • 50% fail to test the security of their applications after they have been released.
  • 47% of organizations blame their difficulty remediating vulnerabilities in production on a lack of qualified personnel.