Baking in security is not getting any easier, according to the Third Annual GitLab Global Developer Survey. The survey reveals that there is still a disconnect between developer and security teams. My dear CSSLP followers, say it isn't so!
The research tells us that while most developers are aware of the dangers that vulnerabilities present and want to dramatically improve their security capabilities, they often lack organizational support for prioritizing secure code creation, increasing secure coding skills, and implementing automated scanning and testing tooling to make that happen sooner rather than later.
In fact, while 69% of developers say they’re expected to write secure code, nearly half of security pros surveyed (49%) said they struggle to get developers to make remediation of vulnerabilities a priority. And 68% of security professionals feel fewer than half of developers are able to spot security vulnerabilities later in the lifecycle. Roughly half of security professionals said bugs were most often found by them after code is merged in a test environment.