Shift left strategy creates heavy burden for developers
While 47% of organizations claim to have implemented shift left security strategies, many still struggle with execution gaps and security inefficiencies, according to Pynt. Of those who haven’t implemented shift left, half have no plans to do so at all.
Shift left security gains momentum
Since shift left security was introduced, companies have been trying to live up to its promise: identifying and addressing security issues earlier in the software development lifecycle, ideally before code ever reaches production.
“Everyone talks about shifting left, but few are seeing the security gains they expected,” said Tzvika Shneider, CEO of Pynt. “Most organizations have tools in place, but they still struggle with noise, process friction, and developer resistance. AI accelerates how software is developed and shipped, forcing security to keep pace.”
97% of companies that implemented shift left strategies have also implemented shift left tools. SAST (Static Application Security Testing) tools are the most adopted, with 36% of respondents claiming to use them; SCA (Software Composition Analysis) is fairly close at 31%, followed by DAST (Dynamic Application Security Testing) at 29%.
One of the top challenges regarding shift left is the high rate of false positives, cited by 35% of respondents. 31% report difficulty in effectively integrating shift left security tools into their development workflows, and 25% of developers report being overwhelmed by the volume of vulnerabilities.
Friction between developers and security teams
A significant friction point exists between developers and security teams when it comes to fixing security vulnerabilities. Developers often prioritize feature development and view security tasks as an added burden, while security professionals advocate for remediation.
65% of respondents prefer to fix bugs in the app’s code, rather than block with WAF (Web Application Firewall) rules in production. However, 42% of CISOs and security professionals prefer blocking with WAF rules.
Regional trends also play a role. European organizations are ahead in adopting shift left compared to the US—with Germany and the UK reaching 52% implementation, while the US lags at 42%. The future outlook follows a similar trend: 36% of German respondents and 25% of UK respondents plan to implement shift left soon, compared to only 20% in the US.
“Shift left was meant to improve security, but many organizations are finding that execution challenges are holding them back,” said Shneider. “Security leaders must rethink their approach to reduce friction between security and development teams while maintaining effective risk management.”