Global Study Highlights Existing Organisational Culture as a Key Hurdle to Embed Security Throughout the Software Development Lifecycle
CA Technologies (NASDAQ:CA) has revealed the results of a global study of more than 1,200 IT leaders, including 466 across six countries in Europe, on the topic of secure software development. Conducted by IT industry analyst firm Freeform Dynamics, the new report entitled, “Integrating Security into the DNA of Your Software Lifecycle,” highlights the influence of culture on the ability of UK organisations to integrate security practices as part of the software development lifecycle – a practice critical to business success in the digital economy.
In the study, 94% of UK respondents confirm that software development supports growth and expansion, and 86% say it drives digital transformation. The findings also reveal that 65% agree that security threats arising from software development issues are a growing concern. However, half (51%) of UK organisations cite “existing culture” as a key barrier to embedding security within processes, and only 16% strongly agree the organisation’s culture and practices support collaboration across development, operations and security – the lowest figure in Europe. Against this backdrop, CA Veracode’s State of Software Security Report 2017 indicates that vulnerabilities continue to crop up in previously untested software at alarming rates, with organisations globally reporting that 77% of apps have at least one vulnerability on initial scan.
“Security is a key principle in any Modern Software Factory. While our study confirms an overarching recognition of the importance of building and maintaining applications securely, the culture within UK organisations still needs to be modified to improve collaboration between IT teams, and get faster feedback from the real world on vulnerabilities and how to tackle them quickly,” says Stephen Walsh, Sr Director, Security, CA Technologies. “Building security into every step of application delivery with DevSecOps, together with advanced technologies like machine learning and behavioural analytics, can significantly drive better business outcomes and ultimately, change the way business is conducted.”
Security needs to be embedded into development
The research highlights that a majority of UK organisations recognise that rapidly changing business and regulatory demands require organisations to modify how security is managed in their software development processes. In particular, it reveals that the traditional approach of testing security at the end of the development process is no longer sufficient: 91% of UK organisations believe it is essential or important to make security a more embedded part of the software development process, not tagged on, often hurriedly, at the end. Some 70% also agree/strongly agree that it is critical to integrate security practices earlier in the software development cycle – in other words adopt DevSecOps. This compares with 88% of respondents in France and 79% in Spain.
In reality though, only 30% of UK organisations have already made security an integral part of DevOps (i.e. implementing DevSecOps), compared with 44% in France and a Europe-wide average of 28%. Moreover, just 26% have already implemented early and continuous testing of apps for security vulnerabilities, compared with 38% in Italy.
Lack of skills and time impede security – but automation is imminent
In addition to existing organisational culture being identified as a key hurdle to secure software development, some 52% of UK organisations agree that a lack of skills also prevents them from making security integral to the entire software development process – from application requirements assessment through design to delivery – while 71% cite time pressures. The immense challenges associated with these processes make the use of automation tools essential as few, if any, organisations have the skilled human resources or time available to tackle such complex, urgent challenges.
Two emerging technologies with automation at the core – behavioural analytics and machine learning – can help address the skills gap and time issues while improving security. According to the study, 83% of UK organisations see both of these advanced technologies as key to providing a better user experience while still protecting user data (compared with 94% of Spanish organisations and 92% of Italian ones). This is fundamental to taking pre-emptive action to avoid a data breach and/or mitigate the impact of one, and essential to authenticating controls based on what a user is doing and what is known about them. In fact, 77% of organisations are now using analytics, machine learning and artificial intelligence to enrich insights into customer needs and behaviours (6% more than the European average), while 78% are increasing automation across the software development lifecycle.
Software Security Masters show the way forward in Europe
The report showcases characteristics of “Software Security Masters” (the top 32% of EMEA respondents), which are organisations that have been able to fully integrate security into the software development life cycle. This includes conducting early and continuous application testing for security vulnerabilities as well as embracing the practice of DevSecOps.
At a pan-European level, when compared with the mainstream, 1.7x more Software Security Masters strongly agree that, in addition to protecting a company’s data and systems, security is an enabler of new business opportunities. They also exhibit the following attributes:
- 50% higher profit growth
- 40% higher revenue growth
- Are 2.4x more likely to have security testing keep up with frequent app updates
- Are 1.9x more likely to be outpacing their competitors
“Organisations that are Software Security Masters not only show a strong correlation between embedding security in the DNA of software development and achieving strong top and bottom line performance, they also exemplify the mindset and skills needed to succeed in the digital economy and are agents of change as they shape the organisational culture that’s so key to creating the workplace of the future,” concluded Walsh. “Not every organisation is at the stage of being a Software Security Master, but employing a strategy of continuous security can accelerate the move to becoming a master, thereby improving time to market and enhancing the organisation’s ability to compete and grow.”
The global online survey of 1,279 senior IT and business executives was sponsored by CA Technologies and conducted by industry analyst firm Freeform Dynamics in July 2017. It included 466 respondents from six European countries: France, Germany, Italy, Spain, Switzerland and the UK. The research was augmented by in-depth telephone interviews with key industry executives. For full survey methodology details, please see the report, “Integrating Security into the DNA of Your Software Lifecycle.”
‘No dinosaur’ – Carmaker Stellantis steps up electric ambitions
By Giulio Piovaccari, Gilles Guillaume and Nick Carey
MILAN/PARIS (Reuters) – Newly-formed Stellantis, a combination of Peugeot-maker PSA and Fiat Chrysler (FCA), wants to use its clout to take on rivals racing to produce more electric vehicles, Chief Executive Carlos Tavares said on Wednesday.
Stellantis is now the world’s fourth largest carmaker, with 14 brands including Opel, Jeep, Ram and Maserati, and like its peers, it is grappling with a shortage of semiconductors and investments in electric vehicles.
Low global car inventories and cost cuts should help boost profit margins this year, though the carmaker is also looking beyond savings, Tavares said.
“This is not a crisis merger,” he told an analyst conference, after Stellantis forecast higher profitability for 2021 and PSA and Fiat which merged in January reported better-than-expected results for 2020.
“This is a merger that is going to open new opportunities for a company that is sound, with talented people … who do not want to be cornered in a legacy or a dinosaur position.”
Stellantis aims to deliver over 5 billion euros a year in savings through the merger, as well as bulking up to face industry challenges.
Automakers are racing to develop electric vehicles to meet tighter CO2 emissions targets in Europe and this week Volvo joined a growing number of carmakers aiming for a fully-electric line-up by 2030.
Stellantis plans to have fully-electric or hybrid versions of all of its vehicles available in Europe by 2025, broadly in line with plans at top rivals such as Volkswagen and Renault-Nissan, although Stellantis has further to go to meet that goal.
The group said 2021 results should be helped by three new high-margin Jeep vehicles in North America and a strong pricing environment there. The U.S. market has driven profits for years at FCA and starts off as the strongest part of Stellantis.
The carmaker is targeting an adjusted operating profit margin of 5.5%-7.5% this year.
That compares with a 5.3% aggregated margin last year: 4.3% at FCA and 7.1% at PSA excluding a controlling stake in parts maker Faurecia, which is set to be spun-off from Stellantis shortly.
Tavares said he did not consider the guidance to be cautious. It assumes no more significant lockdowns caused by the global COVID-19 pandemic, but the executive warned of other headwinds including the rising price of raw materials.
The industry is being squeezed by a COVID-19-related global shortage of semiconductors, used for everything from maximising engine fuel economy to driver-assistance features.
Tavares said the problems might not be fully resolved by the second half of 2021, as some auto rivals have flagged, describing supplies as the “big unknown” for revenues in 2021.
The group is now working through reorganising some of its factory set-ups, though it has pledged to close no plants, and finalising new management teams.
Priorities for 2021 will also include defining a strategy for China, Tavares said, where some Stellantis brands have struggled more than rivals.
Tavares, who previously ran PSA, achieved an improvement in margins at the French carmaker by cutting costs, simplifying its vehicle line-up and delivering synergies on its purchase of Opel/Vauxhall, a strategy investors hope he can replicate.
Combined adjusted earnings before interest and tax (EBIT) amounted to 7.1 billion euros ($8.6 billion) at the group last year. At the end of 2020, combined liquidity stood at 57.4 billion euros and free cash flow at 3.3 billion euros.
Stellantis is planning a capital markets day for late 2021 or early 2022. The group’s shares closed flat on Wednesday.
(Reporting by Giulio Piovaccari in Milan, Nick Carey in London and Gilles Guillaume in Paris. Additional reporting by Giancarlo Navach and Sarah White. Editing by Mark Potter and Elaine Hardcastle)
Volkswagen CEO tweets, Musk-style, on market-cap milestone
By Thyagaraju Adinarayan and Christoph Steitz
LONDON/FRANKFURT (Reuters) – When the market value of Germany’s Volkswagen briefly rose above the 100-billion-euro mark on Wednesday for the first time since 2015, the boss of the normally staid carmaker took to Twitter, Elon Musk-style, to crow about it.
VW shares soared as much as 6% after investment bank UBS raised its price target on the stock by 50% and said the company’s new electric vehicle platform was set to challenge Tesla’s dominance in the battery electric vehicle (BEV) market.
Herbert Diess, chief executive of VW Group, highlighted the UBS note on Twitter and shared the market capitalisation milestone.
“The market has been waiting for our #BEV-ramp-up and wanted to see some proof points,” Diess posted.
Traders reacted with comparisons to Tesla chief Elon Musk who frequently uses Twitter to talk up products developed by his companies, cryptocurrencies or other buzzing technologies.
The comparison, at least for now, must end there.
Diess sent his first tweet using the “@Herbert_Diess” handle less than two months ago and has since tweeted 51 times. While he has managed to amass almost 25,000 followers in this time, Musk can boast of 48.3 million.
“The sheer fact that he started his own account apart from the official VW account tells me, that between the lines he wants to express: We are here,” a Germany-based trader said.
Though unrelated and more a market-moving tweet, another trader highlighted instances of a probe by the U.S. Securities and Exchange Commission on Musk’s tweet in 2018 that he was considering taking Tesla private at $420 a share.
EV RACE VS. MARKET CAP RACE
But despite recent share price gains — up 20% this year — VW’s market capitalisation is just one-sixth that of Tesla. Shares trade 7.5 times 12-month forward earnings; possibly its role in the EV transition is not fully priced.
Tesla meanwhile trades at 160 times 12-month forward earnings, levels many consider bubble-like.
On the market capitalisation gap, UBS said VW’s only takes into account its EV business out to 2025, and doesn’t price its cash flow-rich legacy business, indicating there is room for the share price to rise.
It added that VW would likely “master” the transition to close the volume gap with Tesla in 2022.
At 300 euros, UBS has the most bullish price target on VW. Analysts’ median price target on its shares was 191 euros, according to Refinitiv data.
Preferred shares, which are listed in Germany’s benchmark DAX index, hit January 2018 highs on Wednesday, while ordinary shares rose as much as 5.6% to their highest since July 2015, two months before the diesel scandal broke.
VW closed 4.7% higher at 185.18 euros per share on the day, taking its market value to 99 billion euros.
Tesla vs VW https://fingfx.thomsonreuters.com/gfx/buzz/ygdvzellrpw/Pasted%20image%201614767907811.png
(Reporting by Thyagaraju Adinarayan in London and Christoph Steitz in Frankfurt; Editing by Sujata Rao and Jonathan Oatis)
UK offers ‘super deduction’ to temper 25% corporation tax hike
LONDON (Reuters) – Britain will raise corporation tax to 25% from 19% from 2023 to help pay for the cost of the COVID crisis but tempered the tax rise with a “super deduction” to spur investment, finance minister Rishi Sunak said on Wednesday.
“The government is providing businesses with over 100 billion pounds of support to get through this pandemic so it is fair and necessary to ask them to contribute to our recovery,” Sunak told parliament.
“Even after this change, the United Kingdom will still have the lowest corporation tax rate in the G7,” Sunak said.
Sunak said he would encourage businesses to invest their cash reserves with a so-called “super deduction” to reduce their tax bill by 130% of the cost.
He said that under existing rules, a construction firm buying 10 million pounds of new equipment could reduce their taxable income in the year they invest by 2.6 million pounds but with the “super deduction” they could reduce it by 13 million pounds.
“We’ve never tried this before in our country,” Sunak said.
Sunak quoted the Office for Budget Responsibility as saying it would boost investment by 10%; around 20 billion higher per year.
“It makes our tax regime for business investment truly world-leading, lifting us from 30th in the OECD, to 1st,” he said.
“This will be the biggest business tax cut in modern British history.”
The United Kingdom introduced corporation tax at a rate of 40% in 1965. It rose to a high of 52% in the 1970s.
In the 1980s, the main rate was cut to 35% under Margaret Thatcher, then during the 1990s from 35% to 30% and eventually to 20%.
The rate was cut to 19% from 2017 and was supposed to be reduced further to 18% and then 17% but has been held at 19%.
Sunak said small businesses with profits of less than 50,000 pounds a year would be charged only 19% – so around 70% of businesses would be unaffected.
He also said the government would taper in the tax on profits above 50,000 pounds so that only businesses with profits of 250,000 pounds or more – around 10% of companies – would be taxed at the full 25% rate.
(Reporting by Guy Faulconbridge, editing by Estelle Shirbon)