Home > News > featured news > Huawei and RCR Wireless Host a Fireside Chat on Zero-Trust Cybersecurity Strategy

DATA SECURITY

Huawei and RCR Wireless Host a Fireside Chat on Zero-Trust Cybersecurity Strategy

Huawei | May 13, 2021

In collaboration with RCR Wireless, Huawei Technologies USA held a fireside chat with Andy Purdy, Chief Security Officer at Huawei Technologies USA, and Sean Kinney, Editor in Chief at RCR Wireless, to explore how organizations can understand and adopt zero-trust strategies. Purdy, a cybersecurity specialist, provides insights into accelerating the global adoption of standardized processes for ensuring the security of all telecom devices. He also discusses the wider implications of Huawei's inclusion on the US export controls list on the supply chain. While the list was established to protect national security, it has grown in scope and has had unexpected consequences for the global supply chain.

The fireside chat, which can be seen here, goes into greater detail on the importance of reestablishing global trust and cooperation to maintain a regular supply chain. Zero-trust cybersecurity strategies can promote an environment for innovation while also protecting national security through an intervention based on facts, verification, transparency, and risk management. The zero-trust model, which is based on never trusting and always verifying, assists companies in minimizing damage and reducing the possibility of hackers trying to infiltrate their systems. Following SolarWinds and other cyberattacks, the cybersecurity community has recognized the crucial importance of transparency and accountability. Experts emphasize the growing importance of incentives to encourage companies to uphold secure cybersecurity practices, as well as the need to hold organizations accountable when they fail to do so.

Are telecom operators building their networks following zero-trust principles? What will experts do to improve industry assurance, accountability, and transparency? What else will Huawei do to push for the global adoption of standardized processes for checking the security of all telecom equipment, not just Huawei's? And how has Huawei's inclusion on the U.S. Commerce Department's Bureau of Industry and Security entity list affected the company overall? Purdy and Kinney delve into these and other issues, including actionable insights into making cyberspace safer and more transparent by using zero-trust cybersecurity.

About Huawei

Huawei is a world leader in infrastructure and smart devices for information and communications technology (ICT). We are dedicated to bringing digital to every person, home, and enterprise through interconnected technologies across four key domains – telecom networks, IT, smart devices, and cloud services – for a fully connected, intelligent world.

Huawei's whole product, solution, and service portfolio are both competitive and secure. We create long-term value for our customers by an open partnership with ecosystem partners, collaborating to empower people, enhance home life, and inspire innovation in organizations of all sizes.

Huawei innovates to meet the needs of its customers. We make significant investments in basic research, focusing on technological breakthroughs that drive the world forward. We hire over 188,000 people and operate in over 170 countries and regions. Huawei, which was established in 1987, is a private company that is entirely owned by its employees.

Spotlight

One Step Ahead: End-to-End DDoS Defense for Financial Services

"Motivated by idealistic and monetary goals, well-organized hacker groups have set their sights on financial institutions and are attacking with a vengeance - armed with institutional intelligence and striking with unprecedented persistence. Because of this, every financial services company - whether a multi-million dollar bank or a local credit union - is now a potential target for distributed denial of service (DDoS) threats."

More featured news

Spotlight

One Step Ahead: End-to-End DDoS Defense for Financial Services

"Motivated by idealistic and monetary goals, well-organized hacker groups have set their sights on financial institutions and are attacking with a vengeance - armed with institutional intelligence and striking with unprecedented persistence. Because of this, every financial services company - whether a multi-million dollar bank or a local credit union - is now a potential target for distributed denial of service (DDoS) threats."

Related News

NETWORK THREAT DETECTION

Chariton Valley Commits To Protecting All Customers From Growing Cybersecurity Threats With Calix ProtectIQ Home Network Security

Calix | July 15, 2022

Calix, Inc. (NYSE: CALX) announced today that Chariton Valley Telephone Corporation (Chariton Valley) expects to double its customer connections after providing ProtectIQ® home network security to all customers at no cost. Chariton Valley leverages the full power of Calix Revenue EDGE to transform its value proposition and improve the customer experience. In May, the 70-year-old broadband service provider (BSP) launched ProtectIQ, part of Calix Revenue EDGE Suites, as it continues to roll out GigaSpire® BLAST systems across its Midwestern communities. In a climate of increased cybersecurity concerns, Chariton Valley has equipped all GigaSpire BLAST customers with effortless access to robust home network security. In doing so, the BSP increases customer loyalty across rural regions and nearby cities in north-central and northeast Missouri. Many Chariton Valley customers have sophisticated internet habits—half identify as gamers and almost 40 percent work from home. By evolving its value proposition, the innovative BSP has also fortified itself against billion-dollar market cap competition in Palmyra and Hannibal. In its first two months of offering ProtectIQ to all customers, Chariton Valley blocked more than 48,000 web threats, intrusions, malware, and viruses from entering home networks—proving the immediate value of its investments. The comprehensive Revenue EDGE platform enables BSPs of all sizes to easily and quickly launch differentiating turnkey, managed offerings. Chariton Valley continues to evolve its value proposition and strengthen its growing customer connections by: Transforming its business to help communities thrive for decades. Chariton Valley is on track to complete a historic five-year, $42 million fiber-to-the-home (FTTH) buildout in its member service territory, and another $40 million in expansion opportunities next year by leveraging the secure broadband access network platform, Calix Intelligent Access EDGE™. In May, it began rolling out turnkey, managed offerings in EDGE Suites, starting with ProtectIQ, recently recognized by the cybersecurity industry as “Best in Anti-Phishing, Network Security & Management,” at no cost to its customers. As a result, Chariton Valley blocked thousands of web threats in only two months—further proving the value of its investment in the region. Creating internet experiences that grow with customers’ needs. After the successful rollout of ProtectIQ, Chariton Valley is now taking a targeted approach to introduce its second EDGE Suite, the advanced parental controls in ExperienceIQ®. Calix-partnered BSPs have seen a 178 percent increase in people using ExperienceIQ since the beginning of the year. Both ProtectIQ and ExperienceIQ are accessed through the BSP’s branded subscriber-facing mobile app, built on CommandIQ®, giving customers more control over their home networks. Leveraging data and insights to offer services that meet each customer’s unique needs. Using the insights and analytics in Calix Marketing Cloud (Marketing Cloud), even a small BSP like Chariton Valley can successfully leverage data for segmenting and targeting. For example, Chariton Valley uses Marketing Cloud to uncover which of its customers are most likely to need the advanced parental controls of ExperienceIQ. Now their marketing team can quickly identify the right people for the new service. This enables Chariton Valley to get maximum ROI from every dollar invested in marketing. “As a member-owned organization, the customer experience informs everything we do,” said Kirby J. Underberg, president and chief executive officer at Chariton Valley. “Chariton Valley is committed to the region’s future—the investment we made building a secure fiber network will benefit people living in north-central and northeast Missouri for the next three decades. However, we also understand that we are responsible for protecting our customers from the increasing threat of digital dangers that come along with the positive generational impact of secure, fast Wi-Fi. By adding critical services like home network security and advanced parental controls, we will continue to invest in our customers by providing superior internet experiences long after the latest deals from our competitors expire.” Along with ProtectIQ and ExperienceIQ, EDGE Suites also includes connected home camera security systems (Arlo Secure). Additionally, Calix is launching two new managed offerings this summer: social media monitoring (Bark) and connected device protection (Servify Care). “Chariton Valley’s incredible first two months offering ProtectIQ to all customers underlines why today’s successful broadband business must be about more than just fast Wi-Fi, ProtectIQ has helped BSPs of all sizes block millions of digital threats in 2022. The Missouri-based market leader competes against a billion-dollar market cap company and wins because it leverages the full power of the Revenue EDGE platform to easily and quickly launch turnkey, managed offerings like ProtectIQ that improve the customer experience. We look forward to supporting Chariton Valley’s continued growth as they evolve their value proposition to reflect their commitment to protecting customers in north-central and northeast Missouri.” Matt Collins, executive vice president of commercial operations and chief marketing officer at Calix About Calix Calix, Inc. Calix cloud and software platforms enable service providers of all types and sizes to innovate and transform. Our customers utilize the real-time data and insights from Calix platforms to simplify their businesses and deliver experiences that excite their subscribers. The resulting growth in subscriber acquisition, loyalty, and revenue create more value for their businesses and communities. This is the Calix mission: to enable broadband service providers of all sizes to simplify, excite, and grow. This press release contains forward-looking statements that are based upon management’s current expectations and are inherently uncertain. Forward-looking statements are based upon information available to us as of the date of this release, and we assume no obligation to revise or update any such forward-looking statement to reflect any event or circumstance after the date of this release, except as required by law. Actual results and the timing of events could differ materially from current expectations based on risks and uncertainties affecting Calix’s business. The reader is cautioned not to rely on the forward-looking statements contained in this press release. Additional information on potential factors that could affect Calix’s results and other risks and uncertainties are detailed in its quarterly reports on Form 10-Q and Annual Report on Form 10-K filed with the SEC.

Read More

DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

At-Bay Selects Guidewire Cyence to Enhance Cyber Portfolio Accumulation Risk Management and Further Propel Market Growth

At-Bay, Inc. | September 17, 2022

At-Bay, the insurance provider for the digital age, and Guidewire today announced that At-Bay has chosen Guidewire’s cyber risk modeling and analytics product, Cyence, to further bolster its view, and management of, aggregation risk, within its growing cyber insurance portfolio. “Cyber risk aggregation is an important area of risk that every insurer should be actively monitoring and managing within their cyber portfolio. Investing in the right data capabilities, tools, and mechanisms for monitoring and sizing aggregation risk exposure is critical to managing cyber insurance risk in today’s fast changing threat landscape,” said Roman Itskovich, At-Bay’s Chief Risk Officer and Co-Founder. “With At-Bay’s steadfast focus on proactive risk management, Guidewire’s solution will help us to expand our data capabilities and toolkit for proactive risk management, so that we can continue to deliver great loss results,” Itskovich added. By combining world-class technology with industry-leading insurance expertise, At-Bay aims to provide the clarity and confidence that businesses need to address digital risk head on. Founded in 2016, At-Bay protects tens of thousands of business customers from today’s ever growing cyber threat landscape. With its in-house data collection capabilities aimed at addressing attritional risk in the selection, pricing, and active risk management of its portfolio, At-Bay will now expand its focus to aggregated risk exposures. “We selected Guidewire because it has a strong reputation for being one of the top cyber risk vendors, especially for transparency, in-house data collection, and market validation. “By applying Cyence’s advanced risk models and detailed aggregated risk scenarios to our own active risk monitoring capabilities and claims experience, we believe that we will be able to further enhance our underwriting and portfolio risk management decisions, and maintain a strong loss performance as our book grows.” Yoshifumi Yamamoto, Director of Cyber Risk Modeling, At-Bay Commenting on the news, Charles Clarke, Group Vice President, Analytics Sales & Advisory, Guidewire, said, “We admire At-Bay’s use of Cyence to expand its modeling capabilities to account for aggregated risk. We are pleased by their vote of confidence in our cyber capabilities and look forward to infusing data analytics to help At-Bay’s clients meet digital risk head-on.” About At-Bay, Inc. At-Bay is the insurance provider for the digital age. By combining world-class technology with industry-leading insurance expertise, At-Bay was designed from the ground up to empower businesses to thrive in the digital world. At-Bay is backed by Acrew Capital, Glilot Capital, the HSB fund of Munich Re Ventures, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital. www.at-bay.com About Guidewire Software Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. ​We combine digital, core, analytics, and AI to deliver our platform as a cloud service. Approximately 520 insurers in 38 countries, from new ventures to the largest and most complex in the world, run on Guidewire.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Security Compass Releases New Study: 2022 Developer Perspectives on Application Security

Security Compass | August 26, 2022

Security Compass, a leading cybersecurity solution provider, has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. The report, “2022 Developer Perspectives on Application Security,” provides a deep dive into security maturity, threats, requirements, tools, resources, and training. In order for software developers and security teams to effectively collaborate and ensure that a company’s software products are secure, developers need automated, current, relevant, and actionable JITT training embedded into their development tools and processes. Security Compass’ research found that while most developers believe their enterprise has a mature security posture, almost half find it challenging to stay up to date with current security and compliance-related activities. The “2022 Developer Perspectives on Application Security” study raises awareness about how automation can solve many challenges for developers in secure application development. Key takeaways from the study include: The number one most important means to thwarting security threats according to developers is automated threat modeling (46% claiming it was “mission critical” and another 36% indicating it was “quite important”). 42% of developers who have been assigned requirements related to security and compliance find it challenging to stay up to date with current security and compliance-related activities. 28% of respondents claim that scope “creep” in security compounds challenges, with another 19% believing that security processes take too much time. Overall, developers are in favor of security training, with 32% of developers opting to pursue training on their own (63% of respondents reported being mandated to do training). Developers from smaller companies ($10M to $100M) were more than twice as likely (31% vs. 14%) as those from the largest companies ($5B+) to use ad hoc or reactive means to “gate-keep” releases from a security perspective. On average, 34% of software requirements are related in some way to security and compliance, yet only 25% of companies have shifted security left into the Design Stage of software development. “When building secure software, developers must be system thinkers. Ideally, they engage secure methods early in the design process, engage with key security personnel and stakeholders and insist on automated cybersecurity tools that efficiently guide them throughout the SDLC," said Rohit Sethi, CEO of Security Compass. “Software built with the needs of software developers at the forefront is essential to the task of cybersecurity, and companies that want to attract and support developers in their efforts to build cyber-resilient software need to look to integrated cybersecurity software. This is reinforced by Security Compass’ study that software that provides just-in-time training (JITT) and guidelines for software developers is essential for accomplishing these goals.” For more information about the adoption of security and compliance processes by developers across organizations of various sizes, download the full “2022 Developer Perspectives on Application Security” study. About the Survey Security Compass commissioned Golfdale Consulting to conduct this survey research project. The survey was conducted in Q2 2022 and was based on 250 respondents from the US and UK markets working in companies ranging from $10 million to $10 billion in size. Half of the developers surveyed worked for technology companies, while the other half came from enterprises ranging from manufacturing to insurance . Respondent roles included a mix of developers from software development/DevOps (62%), IT infrastructure and back office (22%) and cyber/information security (14%). About Security Compass Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries.

Read More

NETWORK THREAT DETECTION

Chariton Valley Commits To Protecting All Customers From Growing Cybersecurity Threats With Calix ProtectIQ Home Network Security

Calix | July 15, 2022

Calix, Inc. (NYSE: CALX) announced today that Chariton Valley Telephone Corporation (Chariton Valley) expects to double its customer connections after providing ProtectIQ® home network security to all customers at no cost. Chariton Valley leverages the full power of Calix Revenue EDGE to transform its value proposition and improve the customer experience. In May, the 70-year-old broadband service provider (BSP) launched ProtectIQ, part of Calix Revenue EDGE Suites, as it continues to roll out GigaSpire® BLAST systems across its Midwestern communities. In a climate of increased cybersecurity concerns, Chariton Valley has equipped all GigaSpire BLAST customers with effortless access to robust home network security. In doing so, the BSP increases customer loyalty across rural regions and nearby cities in north-central and northeast Missouri. Many Chariton Valley customers have sophisticated internet habits—half identify as gamers and almost 40 percent work from home. By evolving its value proposition, the innovative BSP has also fortified itself against billion-dollar market cap competition in Palmyra and Hannibal. In its first two months of offering ProtectIQ to all customers, Chariton Valley blocked more than 48,000 web threats, intrusions, malware, and viruses from entering home networks—proving the immediate value of its investments. The comprehensive Revenue EDGE platform enables BSPs of all sizes to easily and quickly launch differentiating turnkey, managed offerings. Chariton Valley continues to evolve its value proposition and strengthen its growing customer connections by: Transforming its business to help communities thrive for decades. Chariton Valley is on track to complete a historic five-year, $42 million fiber-to-the-home (FTTH) buildout in its member service territory, and another $40 million in expansion opportunities next year by leveraging the secure broadband access network platform, Calix Intelligent Access EDGE™. In May, it began rolling out turnkey, managed offerings in EDGE Suites, starting with ProtectIQ, recently recognized by the cybersecurity industry as “Best in Anti-Phishing, Network Security & Management,” at no cost to its customers. As a result, Chariton Valley blocked thousands of web threats in only two months—further proving the value of its investment in the region. Creating internet experiences that grow with customers’ needs. After the successful rollout of ProtectIQ, Chariton Valley is now taking a targeted approach to introduce its second EDGE Suite, the advanced parental controls in ExperienceIQ®. Calix-partnered BSPs have seen a 178 percent increase in people using ExperienceIQ since the beginning of the year. Both ProtectIQ and ExperienceIQ are accessed through the BSP’s branded subscriber-facing mobile app, built on CommandIQ®, giving customers more control over their home networks. Leveraging data and insights to offer services that meet each customer’s unique needs. Using the insights and analytics in Calix Marketing Cloud (Marketing Cloud), even a small BSP like Chariton Valley can successfully leverage data for segmenting and targeting. For example, Chariton Valley uses Marketing Cloud to uncover which of its customers are most likely to need the advanced parental controls of ExperienceIQ. Now their marketing team can quickly identify the right people for the new service. This enables Chariton Valley to get maximum ROI from every dollar invested in marketing. “As a member-owned organization, the customer experience informs everything we do,” said Kirby J. Underberg, president and chief executive officer at Chariton Valley. “Chariton Valley is committed to the region’s future—the investment we made building a secure fiber network will benefit people living in north-central and northeast Missouri for the next three decades. However, we also understand that we are responsible for protecting our customers from the increasing threat of digital dangers that come along with the positive generational impact of secure, fast Wi-Fi. By adding critical services like home network security and advanced parental controls, we will continue to invest in our customers by providing superior internet experiences long after the latest deals from our competitors expire.” Along with ProtectIQ and ExperienceIQ, EDGE Suites also includes connected home camera security systems (Arlo Secure). Additionally, Calix is launching two new managed offerings this summer: social media monitoring (Bark) and connected device protection (Servify Care). “Chariton Valley’s incredible first two months offering ProtectIQ to all customers underlines why today’s successful broadband business must be about more than just fast Wi-Fi, ProtectIQ has helped BSPs of all sizes block millions of digital threats in 2022. The Missouri-based market leader competes against a billion-dollar market cap company and wins because it leverages the full power of the Revenue EDGE platform to easily and quickly launch turnkey, managed offerings like ProtectIQ that improve the customer experience. We look forward to supporting Chariton Valley’s continued growth as they evolve their value proposition to reflect their commitment to protecting customers in north-central and northeast Missouri.” Matt Collins, executive vice president of commercial operations and chief marketing officer at Calix About Calix Calix, Inc. Calix cloud and software platforms enable service providers of all types and sizes to innovate and transform. Our customers utilize the real-time data and insights from Calix platforms to simplify their businesses and deliver experiences that excite their subscribers. The resulting growth in subscriber acquisition, loyalty, and revenue create more value for their businesses and communities. This is the Calix mission: to enable broadband service providers of all sizes to simplify, excite, and grow. This press release contains forward-looking statements that are based upon management’s current expectations and are inherently uncertain. Forward-looking statements are based upon information available to us as of the date of this release, and we assume no obligation to revise or update any such forward-looking statement to reflect any event or circumstance after the date of this release, except as required by law. Actual results and the timing of events could differ materially from current expectations based on risks and uncertainties affecting Calix’s business. The reader is cautioned not to rely on the forward-looking statements contained in this press release. Additional information on potential factors that could affect Calix’s results and other risks and uncertainties are detailed in its quarterly reports on Form 10-Q and Annual Report on Form 10-K filed with the SEC.

Read More

DATA SECURITY,SOFTWARE SECURITY,WEB SECURITY TOOLS

At-Bay Selects Guidewire Cyence to Enhance Cyber Portfolio Accumulation Risk Management and Further Propel Market Growth

At-Bay, Inc. | September 17, 2022

At-Bay, the insurance provider for the digital age, and Guidewire today announced that At-Bay has chosen Guidewire’s cyber risk modeling and analytics product, Cyence, to further bolster its view, and management of, aggregation risk, within its growing cyber insurance portfolio. “Cyber risk aggregation is an important area of risk that every insurer should be actively monitoring and managing within their cyber portfolio. Investing in the right data capabilities, tools, and mechanisms for monitoring and sizing aggregation risk exposure is critical to managing cyber insurance risk in today’s fast changing threat landscape,” said Roman Itskovich, At-Bay’s Chief Risk Officer and Co-Founder. “With At-Bay’s steadfast focus on proactive risk management, Guidewire’s solution will help us to expand our data capabilities and toolkit for proactive risk management, so that we can continue to deliver great loss results,” Itskovich added. By combining world-class technology with industry-leading insurance expertise, At-Bay aims to provide the clarity and confidence that businesses need to address digital risk head on. Founded in 2016, At-Bay protects tens of thousands of business customers from today’s ever growing cyber threat landscape. With its in-house data collection capabilities aimed at addressing attritional risk in the selection, pricing, and active risk management of its portfolio, At-Bay will now expand its focus to aggregated risk exposures. “We selected Guidewire because it has a strong reputation for being one of the top cyber risk vendors, especially for transparency, in-house data collection, and market validation. “By applying Cyence’s advanced risk models and detailed aggregated risk scenarios to our own active risk monitoring capabilities and claims experience, we believe that we will be able to further enhance our underwriting and portfolio risk management decisions, and maintain a strong loss performance as our book grows.” Yoshifumi Yamamoto, Director of Cyber Risk Modeling, At-Bay Commenting on the news, Charles Clarke, Group Vice President, Analytics Sales & Advisory, Guidewire, said, “We admire At-Bay’s use of Cyence to expand its modeling capabilities to account for aggregated risk. We are pleased by their vote of confidence in our cyber capabilities and look forward to infusing data analytics to help At-Bay’s clients meet digital risk head-on.” About At-Bay, Inc. At-Bay is the insurance provider for the digital age. By combining world-class technology with industry-leading insurance expertise, At-Bay was designed from the ground up to empower businesses to thrive in the digital world. At-Bay is backed by Acrew Capital, Glilot Capital, the HSB fund of Munich Re Ventures, Icon Ventures, ION Crossover Partners, Khosla Ventures, Lightspeed Venture Partners, M12, entrepreneur Shlomo Kramer, and Qumra Capital. www.at-bay.com About Guidewire Software Guidewire is the platform P&C insurers trust to engage, innovate, and grow efficiently. ​We combine digital, core, analytics, and AI to deliver our platform as a cloud service. Approximately 520 insurers in 38 countries, from new ventures to the largest and most complex in the world, run on Guidewire.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Security Compass Releases New Study: 2022 Developer Perspectives on Application Security

Security Compass | August 26, 2022

Security Compass, a leading cybersecurity solution provider, has published the results of a research study examining developer views on application security, including the challenges and opportunities they face in their secure development efforts. The report, “2022 Developer Perspectives on Application Security,” provides a deep dive into security maturity, threats, requirements, tools, resources, and training. In order for software developers and security teams to effectively collaborate and ensure that a company’s software products are secure, developers need automated, current, relevant, and actionable JITT training embedded into their development tools and processes. Security Compass’ research found that while most developers believe their enterprise has a mature security posture, almost half find it challenging to stay up to date with current security and compliance-related activities. The “2022 Developer Perspectives on Application Security” study raises awareness about how automation can solve many challenges for developers in secure application development. Key takeaways from the study include: The number one most important means to thwarting security threats according to developers is automated threat modeling (46% claiming it was “mission critical” and another 36% indicating it was “quite important”). 42% of developers who have been assigned requirements related to security and compliance find it challenging to stay up to date with current security and compliance-related activities. 28% of respondents claim that scope “creep” in security compounds challenges, with another 19% believing that security processes take too much time. Overall, developers are in favor of security training, with 32% of developers opting to pursue training on their own (63% of respondents reported being mandated to do training). Developers from smaller companies ($10M to $100M) were more than twice as likely (31% vs. 14%) as those from the largest companies ($5B+) to use ad hoc or reactive means to “gate-keep” releases from a security perspective. On average, 34% of software requirements are related in some way to security and compliance, yet only 25% of companies have shifted security left into the Design Stage of software development. “When building secure software, developers must be system thinkers. Ideally, they engage secure methods early in the design process, engage with key security personnel and stakeholders and insist on automated cybersecurity tools that efficiently guide them throughout the SDLC," said Rohit Sethi, CEO of Security Compass. “Software built with the needs of software developers at the forefront is essential to the task of cybersecurity, and companies that want to attract and support developers in their efforts to build cyber-resilient software need to look to integrated cybersecurity software. This is reinforced by Security Compass’ study that software that provides just-in-time training (JITT) and guidelines for software developers is essential for accomplishing these goals.” For more information about the adoption of security and compliance processes by developers across organizations of various sizes, download the full “2022 Developer Perspectives on Application Security” study. About the Survey Security Compass commissioned Golfdale Consulting to conduct this survey research project. The survey was conducted in Q2 2022 and was based on 250 respondents from the US and UK markets working in companies ranging from $10 million to $10 billion in size. Half of the developers surveyed worked for technology companies, while the other half came from enterprises ranging from manufacturing to insurance . Respondent roles included a mix of developers from software development/DevOps (62%), IT infrastructure and back office (22%) and cyber/information security (14%). About Security Compass Security Compass, a pioneer in application security, enables organizations to shift left and build secure applications by design, integrated directly with existing DevSecOps tools and workflows. Its flagship product, SD Elements, helps organizations accelerate software time to market and reduce cyber risks by taking an automated, developer-centric approach to threat modeling, secure development, and compliance. Security Compass is the trusted solution provider to leading financial and technology organizations, the U.S. Department of Defense, government agencies, and renowned global brands across multiple industries.

Read More

More featured news