The movement towards a rapid application delivery strategy and away from a traditional waterfall approach to software development is driven by the need to more effectively meet current consumer needs and market opportunities, specifically by making small changes quickly rather than making a large number of changes on a release schedule. However, pre-existing application security strategies must be adapted to meet this new approach.
The traditional waterfall approach, despite focusing primarily on schedule, maintains significant schedule risk.
Reducing security-related risks was found to be a modest driver for investment in rapid application delivery initiatives (19%) in comparison to increasing developer productivity (32%) and increasing the leverage of virtualized infrastructure and cloud services (27%).
Research shows that attacks on web applications have been 7 times more effective than all other attacks on confirmed data breaches.
Aberdeen found that 45% of respondents currently do security threat modeling, while 27% report they plan to do so within the next year.
Click the research report above to read in your web browser, or download as a PDF.