"Trained Developers Get Rid of More Vulnerabilities Than Code Scanning Tools"

An EMA survey of 129 software development professionals revealed that only 10 percent of organizations using code scanning tools prevented a higher percentage of vulnerabilities than those not using such tools. Continuous training significantly improved code security for over 60 percent of organizations that adopted it. About 70 percent of companies are missing important security phases in their Software Development Lifecycle (SDLC), which suggests how difficult a "shift-left" strategy is to put into practice. Although new vulnerabilities per year in the National Vulnerability Database (NVD) increased by more than 210 percent between 2015 and 2021 (from 6,487 to 20,139), the shift-left strategy has not been widely adopted. EMA's analysis revealed that only 25 percent of organizations use a shift-left security strategy, despite increased industry awareness of its significance. The research also revealed that security remains a lesser priority for many companies: almost half do not have a dedicated step for security validation, 20 percent do not plan their application security, and 4 percent do not have a dedicated step for security implementation. This article continues to discuss key findings from the EMA survey and the importance of training developers to improve code security.

Help Net Security reports "Trained Developers Get Rid of More Vulnerabilities Than Code Scanning Tools"
