Majority of development teams admit to skipping security steps

New research from Invicti Security finds that 70% of development teams always or frequently skip security steps as a result of time pressures when finishing projects. Obvious issues arise when essential steps are missed, with the study also discovering that one in three issues under remediation reach production without being caught in the development or test stages.

A total of 600 executives and security, development and DevOps practitioners were surveyed for their views on a range of security issues for the ‘Application Security and the Innovation Imperative’ report, with respondents being found across a range of industries.

“While there is a growing recognition that security must be a core element of innovation, organizations continue to struggle to achieve that vision,” said Mark Ralls, President & COO of Invicti. “It’s on leaders to set the tone from the top down and drive culture shifts that increase emphasis on security while equipping teams with the powerful tools and workflows they need to make secure innovation a reality.”

The vast majority of dev and sec respondents report facing increased stress in 2021, with a disturbing 73% of those surveyed saying they had considered quitting their jobs due to high-stress levels. Backlogs of security issues are also commonplace at many organisations, meaning it would take two weeks per person to clear the current backlog, on average.

One of the reasons for this backlog is the requirement to perform manual verification of vulnerabilities always or frequently. False positives are a major problem area for 96% of respondents. Yet, 60% and 99% of survey respondents, respectively, say if automation was increased and more integration was achieved, these challengers would be improved,