Yet security issues in software development persist. In ESG’s Modern Application Development Security research, only 36% of respondents rate their application security program a 9 or 10, while 66% said that application security tools protect less than 75% of their codebase, and 48% acknowledged that they push vulnerable code into production regularly. These security shortcomings are not for lack of technology, consulting, or security service providers. The Cybersecurity Almanac 2020 identifies more than 3,500 potential security partners. Ultimately, the key to delivering business value while minimizing security risks in sofware development is clearly defining security principles and communicating them to software development teams. Here are six risks that CIOs and IT leaders should focus on and ways to address them.