While software developers acknowledge the importance of a security-minded approach in the development lifecycle, 86% do not view application security as a top priority when writing code.
According to the The State of Developer-Driven Security 2022 survey from Secure Code Warrior, developers’ actions and attitudes toward software security are in conflict, opening up organizations to cyber threats.
The research found that more than half of the 1200 developers surveyed are unable to ensure that their code is protected from seven common vulnerabilities. Additionally, 29% of developers believe the active practice of writing code free of vulnerabilities should be prioritized, and 67% have shipped code with known cybersecurity vulnerabilities.
Developers continue to face competing priorities and point to numerous management-related barriers that are preventing them from creating secure code earlier in the software development lifecycle. These are primarily due to time constraints to meet deadlines (24%), or developers not having enough training or guidance on how to implement secure coding from their managers (20%).
The annual survey’s additional findings point to the ongoing hardships developers continue to face in their secure coding journey:
- 36% attribute the priority of meeting deadlines as a primary reason their coding still possesses vulnerabilities
- 33% don’t know what makes their code vulnerable
- 30% feel that their in-house security training could most be improved if it had more practical training with real world scenarios and outcomes
To learn more report findings, click here.