Most AppSec programs forget that there is only one team that can fix security flaws: the development team. While an AppSec strategy based on scanning will help you find flaws, the best approach avoids creating flaws in the first place. Yet developers often don’t have the training they need to prevent, identify or remediate code vulnerabilities. Very few university engineering programs include cybersecurity courses, and in a recent ESG survey of cybersecurity professionals, 35% of respondents reported that less than half of their development teams are participating in formal security training.
In addition, security teams often don't have the bandwidth or expertise to teach development teams themselves. At the same time, existing training solutions are lengthy, generic, often just plain boring and produce lackluster results. How can organizations enable their development teams with the skills they need to code securely?
Tune in to this discussion with Veracode's director of developer relations Rey Bango to dig deeper into the developer security training conundrum. You’ll walk away with a better understanding of: