A big one, as it turns out. Organizations aren’t looking at security as just being perimeter protection anymore. The applications themselves need to be built from the ground up with protections that ensure data integrity and prevent compromise.

Security departments used to have the primary responsibility to ensure these goals, but as the pace of development has increased, organizations have shifted security left, making it difficult for security to scale.

This has caused a necessary shift of some of this responsibility to developers, but they are also under pressure to deliver features, and are not always well equipped to make appropriate AppSec decisions.

Since security responsibilities are being put on them, developers should embrace an active role in the process, and should have a voice setting the critical requirements for security solutions. They should demand that policies, processes and especially training that take their needs into account are instituted.

Organizations that provide coaching and training to their developers see a threefold improvement in security finding remediation. Through cross-training, security experts should train developers on best practices, and developers should train security on the demands of the development life cycle.

Join Cody Bertram (LinkedIn profile) Principal Solutions Architect, Veracode & Patrick McNeil, (LinkedIn profile) Principal Solutions Architect, Veracode, for an important discussion on enabling developers to take a more active role in application security.