Shifting from Reaction to Prevention:
The Changing Face of Software Security

Organizations continue to see the same software vulnerabilities arise in their code time and again, many of which have been known for decades. This continues to be an issue despite development teams deploying scanning tools to check for security issues, managers being tasked with hiring security-aware developers, and developers believing they are skilled in secure coding.

This paper explores why this problem persists, drawing on an in-depth survey of developers’ and development managers’ attitudes towards secure coding, and analyzes how organizations can stop repeat vulnerabilities from happening once and for all.

To accomplish this, we engaged Evans Data Corporation to conduct a study of how developers and development managers understand the ways application security practices are changing.

