2024如何实现开发者友好型应用安全策略指南英文版 .docxVIP

下载本文档

0
0
约2.22万字
约 15页
2026-02-10 发布于浙江
举报

2024如何实现开发者友好型应用安全策略指南英文版 .docx

GartnerResearch

HowtoMakeApplicationSecurityDeveloper-Friendly

BestinSamuel,NehaAgarwal,MaryJoy

26April2024

HowtoMakeApplicationSecurityDeveloper-Friendly

26April2024-ID-8minread

ByAnalyst(s):BestinSamuel,NehaAgarwal,MaryJoy

Initiatives:SoftwareEngineeringPractices;BuildaWorld-ClassSoftwareEngineering

Organization;SecurityofApplicationsandData;SoftwareEngineeringTechnologies

Softwareengineeringleadersholdtheirteamsresponsibleandaccountableforsecurityactivities,butteamsexperiencefrictionthatimpedessecuresoftwaredelivery.Thisresearchhighlightstwocompaniesusingdeveloper-centricapproachestoaddressdeveloperpainpointsinapplicationsecurity.

OverviewKeyFindings

■ Morethanhalfofsoftwareengineeringteamsareresponsibleforsecurityactivitiessuchasremediatingvulnerabilities,securingAPIsandembeddingsecuritycontrolsinsoftware.Butsoftwareengineeringteamsexperiencefrictionthatmakesitdif?cultforthemtoaccomplishsecuritygoals.

■ Securityguidelinescanbedif?cultfordeveloperstointerpretandapplytotheirspeci?ccontext—only42%ofsoftwareengineeringprofessionalsbelievethatsecurityrequirementsareeasyforthemtounderstand.

■ Developersoftenlackaccesstosecurityexpertiseandguidance—nearlyhalfofsoftwareengineeringprofessionalsreportthattheystruggletoaccesssecurityexpertisewhenneeded.

Gartner,Inc.|Page1of11

Recommendations

■ Easetheburdenondevelopersbyidentifyingandaddressingtheirtoppainpointsincompletingsecurityactivities,inclosecollaborationwiththesecurityteam.

■ Makesecurityguidanceconsumableandactionablebyhelpingdeveloperseasilyinterpretresultsfromtools,suchasthroughacompositevulnerabilitydashboard,andbycommunicatingsecurityguidanceindeveloper-friendlylanguage.

2024如何实现开发者友好型应用安全策略指南英文版 .docxVIP