Moving software security earlier in the development cycle (the "shift-left" approach) can pay off, but development teams are burning out: communication breakdowns, redundant tools and an excess of vulnerability data are causing these teams serious problems.
A Shift to the Left Encounters Hurdles in Software Security
In an attempt to tighten software security, nearly half of enterprises are aiming to "shift left," but developers are encountering significant issues with this strategy, according to research by AI security firm Pynt.
Piling vulnerabilities, AI's swift development pace, and difficulties integrating tools are some of the obstacles dampening progress in this area.
The survey of 250 security professionals, focusing on the adoption of shift-left practices, found that 47% of organizations had already adopted the strategy, with a further 27% planning to. However, a quarter of developers feel swamped by the deluge of vulnerabilities, and over one-third see false positives as the primary obstacle to executing an effective shift-left strategy, followed by integration issues and the sheer volume of vulnerabilities.
The study calls into question whether this approach to software development is genuinely lessening overall risks or merely increasing intricacy, as per Pynt CEO Tzvika Shneider. "Everyone talks about shifting left, but few are experiencing the security benefits they anticipated," Shneider stated. "Most organizations have tools in place, but they still deal with noise, process friction, and developer resistance."
AI: The Accelerated Pace of Development
AI propels the speed at which software is developed and shipped, compelling security to keep pace, Shneider added.
The research revealed that the vast majority of organizations implementing shift left had relied on software tools to aid the process, yet 31% persistently grappled with integrating these tools into development workflows.
Popular tools include Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST), each employed by roughly a third of respondents.
Contention between Security and Development Teams
Two-thirds of respondents preferred fixing bugs in application code rather than implementing rules post-production, highlighting discord between developers and security teams. The former prioritize feature development and view security as a burden, while the latter strive to see flaws addressed swiftly.
"Shift right is simpler since it doesn't require collaboration across multiple teams, whereas Shift Left necessitates teamwork among development, security, and testing teams," the report noted. "Shift Left was intended to bolster security, but many organizations are discovering that execution issues are hampering them," Shneider added. "Security leaders must reassess their strategy to minimize friction between security and development teams while maintaining effective risk management."
Pynt suggested that automation in security testing could lessen the burden, and urged improved collaboration between security and development teams, for example by integrating security into the testing phases.
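To make the recommendation concrete, the added example below (not code from Pynt or the report, and not any real scanner's output format) shows one way to automate the noisy part of a shift-left pipeline: findings from several hypothetical scanners (two SAST tools, an SCA tool and a DAST tool) are normalized to a common shape, duplicates reported by more than one tool are merged, findings already reviewed as false positives are suppressed by a stable fingerprint, and the CI test stage fails only on what remains above a severity threshold. The sample findings, tool names, rule names and suppression entry are all constructed.

```python
"""Added example (not from the Pynt report): triage scanner output before it
reaches developers. Normalize, deduplicate, suppress reviewed false positives,
then gate a CI test stage only on remaining findings above a severity threshold.
The finding format and the sample data are constructed for illustration."""
import hashlib
from dataclasses import dataclass
from typing import Iterable

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    cwe: str
    location: str          # file:line for SAST/SCA, request path for DAST
    severity: str          # normalized to lowercase
    tools: tuple           # every scanner that reported this same issue
    fingerprint: str       # stable key used for dedup and suppression


def fingerprint(cwe: str, location: str) -> str:
    """Identity that does not depend on a tool-specific rule name."""
    return hashlib.sha256(f"{cwe}|{location}".encode()).hexdigest()[:16]


def normalize(raw: dict) -> Finding:
    """Map one raw scanner record onto the common Finding shape."""
    sev = raw["severity"].lower()
    if sev not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {raw['severity']!r} from {raw['tool']}")
    return Finding(raw["cwe"], raw["location"], sev, (raw["tool"],),
                   fingerprint(raw["cwe"], raw["location"]))


def dedupe(findings: Iterable[Finding]) -> list:
    """Merge findings sharing a fingerprint; keep the highest severity seen."""
    merged = {}
    for f in findings:
        prev = merged.get(f.fingerprint)
        if prev is None:
            merged[f.fingerprint] = f
            continue
        top = f.severity if SEVERITY_RANK[f.severity] > SEVERITY_RANK[prev.severity] else prev.severity
        merged[f.fingerprint] = Finding(prev.cwe, prev.location, top,
                                        prev.tools + f.tools, prev.fingerprint)
    return list(merged.values())


def triage(raw_findings: list, suppressions: dict, threshold: str = "high") -> dict:
    """Return what developers should see and whether the CI stage should fail."""
    unique = dedupe(normalize(r) for r in raw_findings)
    actionable = [f for f in unique if f.fingerprint not in suppressions]
    blocking = [f for f in actionable
                if SEVERITY_RANK[f.severity] >= SEVERITY_RANK[threshold]]
    return {
        "unique": len(unique),
        "suppressed": len(unique) - len(actionable),
        "actionable": actionable,
        "blocking": blocking,
        "passed": not blocking,
    }


# Constructed sample: the same weak-hash call reported by two SAST tools under
# different rule names, a low-severity dependency advisory, a DAST hit, and a
# SQL-injection warning that security has already reviewed as a false positive.
RAW_FINDINGS = [
    {"tool": "sast-a", "rule": "A-CRYPTO-01", "cwe": "CWE-327",
     "location": "src/auth.py:42", "severity": "HIGH"},
    {"tool": "sast-b", "rule": "B104", "cwe": "CWE-327",
     "location": "src/auth.py:42", "severity": "Medium"},
    {"tool": "sca", "rule": "ADVISORY-PLACEHOLDER", "cwe": "CWE-400",
     "location": "requirements.txt:libfoo==1.2.0", "severity": "low"},
    {"tool": "dast", "rule": "D-XSS", "cwe": "CWE-79",
     "location": "GET /search?q=", "severity": "high"},
    {"tool": "sast-a", "rule": "A-SQL-03", "cwe": "CWE-89",
     "location": "src/reports.py:17", "severity": "critical"},
]

# Suppressions are keyed by fingerprint so a reviewed decision survives tool
# swaps and rule renames; the value records why it was accepted (constructed).
SUPPRESSIONS = {
    fingerprint("CWE-89", "src/reports.py:17"):
        "reviewed by appsec: query is parameterized, rule misfired on a log string",
}

if __name__ == "__main__":
    result = triage(RAW_FINDINGS, SUPPRESSIONS, threshold="high")
    for f in result["actionable"]:
        print(f"{f.severity:8} {f.cwe:8} {f.location}  via {', '.join(f.tools)}")
    print(f"{result['unique']} unique of {len(RAW_FINDINGS)} raw; "
          f"{result['suppressed']} suppressed; gate passed: {result['passed']}")
    raise SystemExit(0 if result["passed"] else 1)
```

Run as a test-stage step, the script exits non-zero only for unsuppressed findings at or above the threshold, so developers see three actionable items instead of five raw ones, and the merged weak-hash finding shows both tools that flagged it. Keying suppressions by a CWE-plus-location fingerprint rather than a rule name is what keeps a reviewed false positive from reappearing every time a scanner is upgraded or replaced.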
European nations are spearheading the adoption of shift left practices, the survey found, with Germany and the UK at 52%. American developer teams, though, still have room for improvement in this respect, researchers found, with just 42% of enterprises having adopted the approach.
The report follows previous research indicating that enterprise security teams grapple with keeping up with the proliferation of AI tools. Similar research demonstrated the rise in AI coding tools might actually be delaying development due to the associated security issues.