CA Veracode has released a new report called the State of Software Security Developer Guide. Based on survey results, it suggests that developers do care about security and are eager to fix vulnerabilities when they come to light. “The interesting thing here is that, for the most part, developers don’t try to game the system by rejecting findings primarily as false positives, or as mitigated by design,” the report said.
It also found that security training greatly improves the security profile of the code that enterprise application development teams produce. “Remediation coaching from security experts helps developers improve fix rates by an average of 88 percent vs. developers who don’t use remediation coaching. And developers who receive eLearning courses have an average 19 percent higher fix rate,” it said.