Study Shows Need For Software Security Training Across the SDLC

CMD+CTRL sponsored a recent study conducted in partnership with Wakefield Research that highlights a gap in training for software security across the SDLC: while training remains a key focus among a majority of cybersecurity executives, it is often limited to developers. It also showed that 89% of the developers are expected to invest at least six hours annually in software security training, while only 18% of other stakeholders in the SDLC receive a similar amount of training.

The Costs of Software Security Vulnerabilities and the Push for Training

Security vulnerabilities in software can lead to significant costs and reputational damage for businesses. The study identified customer satisfaction and churn (48%), delays in time to market (46%), and financial costs (45%) as some of the top impacts of security vulnerabilities that keep executives up at night. These concerns explain why businesses are spending between $1M to $4M annually on software security training to meet organizational goals like building a security culture (51%), meeting and maintaining compliance (50%), and addressing skill gaps (49%). And while 97% of the responding organizations offered some form of software security training, 48% of the respondents indicated difficulty in finding training solutions for all relevant roles, including quality assurance, project management, product owners, and other key stakeholders.

The study results suggest a critical need for secure software training that is comprehensive and accessible across all roles in SDLC. Download the study, Enhancing Cybersecurity: The Critical Role of Software Security Training for additional insights on the current state of software security training.

Ready to Level Up Your Security Posture?

CMD+CTRL’s comprehensive suite of role-based modules, skill labs and hands-on cyber ranges are purpose-built to deliver security expertise to all software stakeholders—from developers to architects to the C-suite—to eliminate skills gaps, mitigate risk, achieve compliance, and drive productivity. Contact us today to learn how we can help you launch a successful software security training program to uplevel your security posture.