With a total of 26,447 vulnerabilities disclosed in 2023, can security really be an afterthought?
As these threats continue to rise – Qualys reported a 26-fold increase since the year 2000 – integrating security early in the software development lifecycle is becoming more critical than ever.
This surge in security gaps, coupled with increasingly sophisticated cyberattacks, underscores how dramatically the threat landscape has evolved, placing immense pressure on cyber security teams and businesses.
Yet, adoption of Secure by Design principles remains, unfortunately, extremely low (something we’re hoping to help change).
Research by Secure Code Warrior, released in late 2024, revealed that fewer than 4% of software developers globally receive training in Secure by Design practices. Furthermore, there are just 3.87 application security specialists for every 100 developers.
The benefits of adopting Secure by Design are substantial. That same research showed that, for large organisations with extensive development teams, Secure by Design practices could reduce vulnerabilities by as much as 47–53%. Not only does Secure by Design cut down the likelihood of successful cyber attacks, but it also brings long-term cost savings and builds customer trust.
So, will Secure by Design become the new norm? We certainly hope so.
With initiatives like CISA’s Secure by Design framework emphasising vendor responsibility over user accountability, and with customers increasingly demanding secure products, Secure by Design is poised not just to be a best practice, but the way forward for a more secure digital future.
Posted 09 Jan 25