SAN FRANCISCO, March 29, 2022 (GLOBE NEWSWIRE) -- Tromzo, a developer-first application security management platform, has released the findings from its new Voice of the Modern Developer Report.
The report was based on a survey of more than 400 U.S.-based developers who work at organizations where they currently have CI/CD tools in place.
"These findings show that developers regularly ignore security issues, but can we really blame them?" said Tromzo CTO and co-founder Harshit Chitalia. "Security teams are bombarding them with an endless stream of issues that need to be addressed with no way for them to separate what's actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before. If we want developers to truly implement security, we must make it easy for them. This means integrating contextual and automated security checks into the SDLC so we can transition from security gates to security guardrails."
Key Findings:
- 42% of developers push vulnerable code once per month. When a developer knowingly publishes code they believe to be vulnerable, it is clear that either they think it is not their responsibility to fix the code before it is pushed, or other organizational pressures deprioritize security.
- Developers fix only 32% of known vulnerabilities. Given the volume of false-positive alerts that teams deal with today, fixing 32% of vulnerabilities could very well produce an acceptable result if developers could determine which 32% to fix. Unfortunately, without security training and experience, developers should not be expected to make that determination accurately.
- A third of vulnerabilities are noise. To reduce false-positive vulnerabilities, scans must have access to all of the required asset information so that security tools can accurately determine whether a vulnerability exists. Reducing security noise will allow developers to address security issues confidently.
- 33% believe that developers and security are siloed. When developers and security teams operate in insulated silos, it leads to inefficiencies and gaps in security across the software development lifecycle. These silos ultimately lead to security vulnerabilities and bad user experiences.
To read a copy of the report, please click HERE.
About Tromzo
Tromzo is a developer-first application security management platform that helps reduce the friction between developers and security. The company was founded by security practitioners and is backed by Innovation Endeavors, Operator Partners, SVCI and more than 25 leading CISOs and security industry executives. For more information, visit www.Tromzo.com
This content was issued through the press release distribution service at Newswire.com.