When it comes to internal development, how often do security team members attend kickoff meetings for new software projects?
Always: 23%
Often: 46%
Sometimes: 20%
Rarely: 10%
Never: 1%
Does your API implementation often get out of sync with the API specification?
Yes: 84%
No: 16%
How are you making sure the security team has visibility into social engineering attempts on helpdesk staff, especially with attacks using voice impersonation or other deepfake techniques?
AI Coding Assistants: Velocity or Vulnerability?
Latest research reveals a hidden feedback loop threatening software security:
The Evidence:
• ≈33% of Copilot suggestions echo CWE Top-25 flaws (Asare et al., 2024)
• ~50% of LLM code snippets contain exploitable bugs (CSET, 2024)
• Developers with AI help feel more confident while shipping less secure code (Stanford, 2023)
The Systemic Risk: Flawed AI output is pushed to public repositories, polluting the next model's training data—risk compounding with every release cycle.
What leading teams are doing this quarter:
1. Audit AI-tool usage and establish approved lists
2. Insert AI-aware SAST (e.g., Snyk Code, Semgrep Assistant) into IDEs and CI/CD pipelines
3. Adopt OWASP LLM Top 10 + MAESTRO for threat modeling
4. Track percentage of AI-generated code and its defect rates
Question: How are you measuring AI-generated technical debt today, and what is your plan to stop it from becoming tomorrow's supply-chain crisis?
Share metrics or tools that worked for you.
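One concrete way to start on item 4 (tracking the share of AI-generated code and its defect rate), as an added worked example that is not part of the post above: mine the commit history for AI attribution and for later fix commits that land on the same files. This assumes two conventions that are not in the original post: AI assistance is recorded as a `Co-authored-by` trailer naming the tool (GitHub's Copilot agent emits one; other tools can be configured to), and defect fixes carry a conventional subject prefix (`fix:`, `security:`, `hotfix:`, `revert:`). The log below is a constructed sample in a simplified, `git log --name-only`-like layout, oldest commit first; adapt `parse_log` to your own log format.

```python
"""Added example: estimate AI-assisted commit share and the rework it attracts.

Assumptions (not from the original post): AI assistance is recorded as a
Co-authored-by trailer naming the tool, and defect fixes are identified by a
conventional subject prefix. SAMPLE_LOG is a constructed sample, oldest first.
"""
import re
from dataclasses import dataclass

AI_TRAILER = re.compile(r"^co-authored-by:.*\b(copilot|cursor|claude|chatgpt)\b", re.I)
FIX_SUBJECT = re.compile(r"^(fix|security|hotfix|revert)\b", re.I)
TRAILER_LINE = re.compile(r"^[A-Za-z-]+: ")

# Constructed sample log: "commit <sha>", subject, trailers, blank line, file paths.
SAMPLE_LOG = """\
commit a1c3e9
Add payment webhook handler
Co-authored-by: Copilot <copilot@github.com>

src/webhook.py
src/payments.py
commit b2d4f0
Add audit log writer

src/audit.py
commit c3e5a1
Implement CSV report export
Co-authored-by: Copilot <copilot@github.com>

src/export.py
commit d4f6b2
Add config loader

src/config.py
commit e5a7c3
fix: validate webhook signature before parsing the body

src/webhook.py
commit f6b8d4
security: escape CSV fields in report export

src/export.py
commit a7c9e5
fix: rotate audit log on size limit

src/audit.py
"""


@dataclass
class Commit:
    sha: str
    subject: str
    trailers: list
    files: list

    @property
    def ai_assisted(self) -> bool:
        return any(AI_TRAILER.search(t) for t in self.trailers)

    @property
    def is_fix(self) -> bool:
        return bool(FIX_SUBJECT.match(self.subject))


def parse_log(text: str) -> list:
    """Split the simplified log into Commit records (assumed layout, see above)."""
    commits = []
    for record in re.split(r"(?m)^commit ", text):
        if not record.strip():
            continue
        lines = record.splitlines()
        sha, subject, body = lines[0].strip(), lines[1].strip(), lines[2:]
        if "" in body:                      # blank line separates trailers from files
            cut = body.index("")
            trailers, files = body[:cut], body[cut + 1:]
        else:
            trailers, files = body, []
        commits.append(Commit(sha, subject,
                              [t for t in trailers if TRAILER_LINE.match(t)],
                              [f.strip() for f in files if f.strip()]))
    return commits


def ai_metrics(commits: list) -> dict:
    """AI-assisted commit share, plus per-origin rework rate: the fraction of
    files whose latest feature change was AI-assisted (or human-written) that
    a later fix/security commit had to touch."""
    origin = {}          # file -> was its latest feature change AI-assisted?
    reworked = set()     # files later touched by a fix commit
    for c in commits:    # chronological order assumed
        if c.is_fix:
            reworked.update(f for f in c.files if f in origin)
        else:
            for f in c.files:
                origin[f] = c.ai_assisted
                reworked.discard(f)   # a fresh feature change resets the file's history

    def rework_rate(ai: bool) -> float:
        files = [f for f, is_ai in origin.items() if is_ai == ai]
        return sum(f in reworked for f in files) / len(files) if files else 0.0

    ai_commits = sum(c.ai_assisted for c in commits)
    return {
        "commits": len(commits),
        "ai_commits": ai_commits,
        "ai_share": ai_commits / len(commits) if commits else 0.0,
        "rework_rate_ai": rework_rate(True),
        "rework_rate_human": rework_rate(False),
    }


if __name__ == "__main__":
    for k, v in ai_metrics(parse_log(SAMPLE_LOG)).items():
        print(f"{k:>18}: {v:.3f}" if isinstance(v, float) else f"{k:>18}: {v}")
```

The two rates are only comparable when the fix-prefix convention is enforced (a commit hook or PR template) and when AI attribution is captured at commit time rather than reconstructed later; without either, the metric measures how well people label commits, not how AI-written code behaves.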
We are considering modernizing our core insurance system to enhance functionality and efficiency. Your input is valuable to us. Please select the option that best reflects your opinion:
Strongly Agree (I fully support modernizing the core insurance system. It will provide the necessary updates and improvements for our operations.): 11%
Agree (I support the idea, but would like to understand more about the costs, time involved, and specific benefits.): 24%
Neutral (I don't have a strong opinion either way. I am open to learning more about the potential benefits and challenges.): 52%
Disagree (I think our current system meets our needs adequately. Modernization may not be necessary, and I lean towards purchasing a commercial system and keeping the existing one in maintenance mode.): 10%
Strongly Disagree (I am opposed to modernizing the core insurance system internally. I believe purchasing a commercial system would be a better solution.): 2%
Always. It's part of our Secure SDLC. We have also integrated with our PMO and have been included in project/initiative kick-offs.