Your public app has to be highly secure. There is no room for second thoughts, because your reputation as an organisation is at risk.
However, we frequently hear news of hacking and of sensitive data being compromised. What this means is that the developer community hasn’t yet adopted the practice of writing secure code. Even today, security testing is often treated as a ceremony before going live.
Here is a list of reasons that prevent developers from writing secure code.
- Lack of developer awareness of security vulnerabilities and the best practices to avoid them.
- A less integrated security toolset. Ideally, there needs to be a toolset integrated into the developer’s IDE that uncovers vulnerabilities before every commit.
- A high level of false positives in reports makes dealing with them a costly affair.
- Ever-increasing pressure to burn more velocity with every sprint to reduce cost often ends in compromising quality aspects.