- A majority of C-suite executives favor a shift-left approach to software development security, according to a CloudBees report, which surveyed 600 executives between June 27 and July 8.
- More than three-quarters are currently implementing shift-left strategies, integrating testing into the software development process. More than 8 in 10 executives surveyed said the approach is important for their companies.
- The move has placed a burden on developers and reduced confidence in software supply chain security. More than half of executives report that shifting left has strained developers and 88% say their supply chain is secure, down from 95% in 2021.
Rethinking software development has yielded big wins for the enterprise. But change begets new and unexpected challenges.
Compliance issues and security concerns are slowing the pace of innovation in software development, according to three-quarters of the executives surveyed by CloudBees, the enterprise software delivery company.
The perils of overburdening development teams have intensified given the tight market for tech talent and companies' struggle to retain IT staff.
Developer talent is particularly in high demand. Software engineers topped Dice’s list of in-demand tech occupations, based on an analysis of three million job postings in the first half of the year.
The most coveted tech workers are aware there are options. Four in 10 of 2,500 developers surveyed by Digital Ocean in April and May said they had considered leaving their current job.
If the talent crunch is a temporary but painful traffic jam on the road to modernization, then security compliance is more akin to a speed limit that will slow the pace over a longer haul.
New cybersecurity guidelines introduced by the National Security Agency and the Cybersecurity and Infrastructure Security Agency, in part a response to the massive SolarWinds software breach of 2020, specifically target the development process and the software supply chain.
While compliance with new federal guidelines is only mandatory for companies doing business with the government, but enhanced security is favored over speed in the development process by more than three-quarters of the executives surveyed by CloudBees.
Performing compliance audits, testing for vulnerabilities and addressing defects slow the development process and, in a shift-left framework, place more responsibility for security on the developers. Balanced against the potential cost of a cyber breach, it’s a tradeoff most companies are willing to accept.