The ROI of an Agile Learning Platform
Agile learning for secure code in the SDLC pays off
This is the third in a three-part blog series discussing the attributes and benefits of an Agile Learning Platform for secure code. In part 1 we introduced the concept of agile learning and how Secure Code Warrior’s platform exemplifies several agile principles. In part 2 we explored how an agile learning platform replaces traditional compliance-oriented security training.
An agile learning platform delivers a learning experience that allows the learner to internalize and use new skills more effectively, through a combination of hands-on, in-context education that’s truly integrated into their day-to-day job, as part of the job. This approach to learning, as SCW has applied it to developers acquiring secure coding skills, separates SCW from traditional learning modalities and sets us apart. In this third and final blog in the series we walk you through the ROI organizations can expect from an agile learning platform for secure code and how to model the numbers for your organization.
Business impact
Organizations that adopt an agile approach for secure code learning see 2x to 3x business impact from two levers: the ability to fix vulnerabilities faster and rework cost avoidance.
The earlier in the SDLC that vulnerabilities are addressed, the less damage they can cause and the less costly they are to remediate. According to security expert Jim Routh, who previously served as Chief Security Officer at Aetna and CISO at MassMutual, the cost per defect during the phases of the SDLC rise to greater than $14,000 if performed during maintenance mode after the software is released to production. Costs can be halved if addressed during testing and they can be 14 times less expensive if addressed during the coding phase.
The more well-equipped developers are to fix vulnerabilities faster or to avoid them altogether, the less cost and risk an organization must accept in its software products and internal applications. Organizations that want to invest in vulnerability prevention and software quality provide developers with an agile learning platform that delivers flexible experiences and multiple pathways for them to learn, specifically designed for immediate business impact.
Research from NIST indicates that the hours required to fix a vulnerability varies, but the estimates in the table below have been identified in real-world scenarios with large enterprise customers.
After teams develop new secure coding skills, SCW customers have noted their developers fix vulnerabilities as much as 50% to 60% faster and produce 50% fewer high-risk vulnerabilities in production code. Every organization’s experience varies, but these results have been observed at large enterprises with more than 5,000 developers. Increasing developer productivity has had a bottom line impact.
Operational cost reduction: fix vulnerabilities faster
To understand the financial impact of a more secure software development process and how an investment in an agile learning platform helps developers fix vulnerabilities faster, use the model below and substitute your own numbers for the variables in blue:
Baseline:
Assumed benefit of agile learning platform on MTTR (Mean Time To Remediate)
Prevention value: rework cost avoidance
An agile learning platform helps developers write secure code from the start. The model for determining this financial impact is presented below.
Agile learning approach makes a difference
The SCW agile learning platform for secure code is superior to alternative developer security training approaches. SCW customers have seen outstanding results, which of course vary according to the individual costs and vulnerability metrics of their unique situation. One large financial services company, Envestnet, found that SCW-educated developers fixed 2.7x more vulnerabilities than their peers. Additionally, a group of 1,200 SCW-educated developers increased remediation rates in their queue by 120%.
As with any business solution investment, It’s important to evaluate your unique circumstances. Our team can partner with you on an assessment of your current state and develop a customized business case. If you’re looking to assess the impact on your own, use the models outlined in this blog and take a look at a recent customer webinar with Sage, the UK-based $2B Accounting and ERP software company, who discuss an 82% reduction in MTTR for vulnerabilities as part of a robust program to build a security culture.
About Secure Code Warrior
Secure Code Warrior gives your developers the skills to write secure code. Our learning platform is the most effective secure coding solution because it uses agile learning methods for developers to learn, apply, and retain software security principles. Over 600 enterprises trust Secure Code Warrior to implement agile learning security programs, deliver secure software rapidly, and create a culture of developer-driven security. Ready to learn more? Request a demo.
Vivek Asija
Vivek is a former VP of Product Marketing at Secure Code Warrior, where he led positioning, messaging, and GTM strategy.
Related Articles We Recommend
Related Articles We Recommend
Dive into onto our latest secure coding insights on the blog.
Our extensive resource library aims to empower the human approach to secure coding upskilling.
Get the latest research on developer-driven security
Our extensive resource library is full of helpful resources from whitepapers to webinars to get you started with developer-driven secure coding. Explore it now.
The ROI of an Agile Learning Platform
Agile learning for secure code in the SDLC pays off
This is the third in a three-part blog series discussing the attributes and benefits of an Agile Learning Platform for secure code. In part 1 we introduced the concept of agile learning and how Secure Code Warrior’s platform exemplifies several agile principles. In part 2 we explored how an agile learning platform replaces traditional compliance-oriented security training.
An agile learning platform delivers a learning experience that allows the learner to internalize and use new skills more effectively, through a combination of hands-on, in-context education that’s truly integrated into their day-to-day job, as part of the job. This approach to learning, as SCW has applied it to developers acquiring secure coding skills, separates SCW from traditional learning modalities and sets us apart. In this third and final blog in the series we walk you through the ROI organizations can expect from an agile learning platform for secure code and how to model the numbers for your organization.
Business impact
Organizations that adopt an agile approach for secure code learning see 2x to 3x business impact from two levers: the ability to fix vulnerabilities faster and rework cost avoidance.
The earlier in the SDLC that vulnerabilities are addressed, the less damage they can cause and the less costly they are to remediate. According to security expert Jim Routh, who previously served as Chief Security Officer at Aetna and CISO at MassMutual, the cost per defect during the phases of the SDLC rise to greater than $14,000 if performed during maintenance mode after the software is released to production. Costs can be halved if addressed during testing and they can be 14 times less expensive if addressed during the coding phase.
The more well-equipped developers are to fix vulnerabilities faster or to avoid them altogether, the less cost and risk an organization must accept in its software products and internal applications. Organizations that want to invest in vulnerability prevention and software quality provide developers with an agile learning platform that delivers flexible experiences and multiple pathways for them to learn, specifically designed for immediate business impact.
Research from NIST indicates that the hours required to fix a vulnerability varies, but the estimates in the table below have been identified in real-world scenarios with large enterprise customers.
After teams develop new secure coding skills, SCW customers have noted their developers fix vulnerabilities as much as 50% to 60% faster and produce 50% fewer high-risk vulnerabilities in production code. Every organization’s experience varies, but these results have been observed at large enterprises with more than 5,000 developers. Increasing developer productivity has had a bottom line impact.
Operational cost reduction: fix vulnerabilities faster
To understand the financial impact of a more secure software development process and how an investment in an agile learning platform helps developers fix vulnerabilities faster, use the model below and substitute your own numbers for the variables in blue:
Baseline:
Assumed benefit of agile learning platform on MTTR (Mean Time To Remediate)
Prevention value: rework cost avoidance
An agile learning platform helps developers write secure code from the start. The model for determining this financial impact is presented below.
Agile learning approach makes a difference
The SCW agile learning platform for secure code is superior to alternative developer security training approaches. SCW customers have seen outstanding results, which of course vary according to the individual costs and vulnerability metrics of their unique situation. One large financial services company, Envestnet, found that SCW-educated developers fixed 2.7x more vulnerabilities than their peers. Additionally, a group of 1,200 SCW-educated developers increased remediation rates in their queue by 120%.
As with any business solution investment, It’s important to evaluate your unique circumstances. Our team can partner with you on an assessment of your current state and develop a customized business case. If you’re looking to assess the impact on your own, use the models outlined in this blog and take a look at a recent customer webinar with Sage, the UK-based $2B Accounting and ERP software company, who discuss an 82% reduction in MTTR for vulnerabilities as part of a robust program to build a security culture.
About Secure Code Warrior
Secure Code Warrior gives your developers the skills to write secure code. Our learning platform is the most effective secure coding solution because it uses agile learning methods for developers to learn, apply, and retain software security principles. Over 600 enterprises trust Secure Code Warrior to implement agile learning security programs, deliver secure software rapidly, and create a culture of developer-driven security. Ready to learn more? Request a demo.
