Responsibility for the security of our applications has traditionally been in the hands of the company’s security professionals. Developers would design and build the product, and security experts would perform their reviews and flag issues for remediation. Everyone pretty much knew what their role entailed.

However, these days, the lines over who owns security are being blurred. What we see is a clear movement of ownership for the day-to-day operational responsibility for application security with 71% of the respondents stating the ownership lies in the software development side, whether it is by the DevOps teams, the development team leaders or the developers themselves.

The reasoning is clear, as fixing a security vulnerability earlier in the software development process (during coding) significantly reduces the cost and effort needed, which not only increases agility but also produces better-secured applications from the get-go.

This transition is leading to a revision of job descriptions where the developers are able to handle most of the day-to-day security work for their product, allowing security professionals to focus on the bigger picture projects like establishing better security processes and practices for their organization.