While nearly 75% of developers worry about the security of their applications and 85% rank security as very important in the coding and development process, nearly half of their teams lack a dedicated cybersecurity expert, according to WhiteHat Security.
Application security tools
While 57% of participants feel their teams have the right application security tools in place to incorporate security into the software development lifecycle (SDLC), 14% do not feel that they’ve been given the proper solutions to do so, and one-third weren’t sure what their company provided.
For those respondents who do utilize application security tools, 33% scan for vulnerabilities daily, 29% weekly and 20% monthly; this means that 82% scan their applications monthly at a minimum. The remaining 18% scanned either quarterly, annually or at random.
Pressure to deliver
Surprisingly, 43% of respondents still focus on meeting their application release deadlines over security, which echoes an ongoing issue in the development community.
Often, pressures to deliver a functional application by these dates cause coders to take security shortcuts or disregard it altogether. However, a promising 57% are realizing that application security should be a key part of the SDLC—and are prioritizing security practices over these demanding deadlines.
Regardless, 52% of participants have experienced burnout as a result of the intense pressures to deliver the applications on time—and securely. When employees are burnt out, their performance can lag, impacting their personal life, professional growth and their company’s deliverables.
“While developers’ concerns about securing their code are on an upward trajectory, it’s clear the industry has a long way to go. Developers are on the front lines when it comes to protecting their organizations from cyberattacks, and they need the right tools and training to handle this burden,” said Joseph Feiman, chief strategy officer, WhiteHat Security.
“With applications being increasingly targeted by digital adversaries, it is vital that organizations and developers incorporate standard security protocols within DevOps, a practice known as DevSecOps.
“This should include regular cybersecurity training, an application security team lead and a holistic application security platform that can identify vulnerabilities in development, deployment and beyond.”
Interestingly, despite this advice, 70% of developers have not received security certifications in their current or prior roles, and only 30% have. Developer respondents also provided insight into the skills needed in the field.
While coding and security chops are important, soft skills are becoming more highly valued than ever when hiring new talent. Turns out, it’s all about the wider group and shared responsibility.
Forty-nine percent of developers say teamwork and interpersonal skills are most essential, with problem solving following in second place at 34%. Fourteen percent ranked communications and writing as most important, while leadership was ranked least important.