Global Developers think secure coding education can save time and money while adding personal and organizational value.
The impact of COVID-19 has accelerated worldwide demand for digital services, and in this digitized landscape, security is key. But digital transformation initiatives, combined with a hybrid workforce, have expanded attack surfaces and increased the chances of a breach. Additionally, the criticality of applications, together with the data they handle, makes them a prime target for disruption, infiltration, and exploitation. Today, cybercriminals are deploying persistent, sophisticated attacks through multiple vectors in a bid to weaponize and exploit software vulnerabilities. Therefore, the need to deliver secure code is now more important than ever.
Empowering developers to deliver secure code
That said, no developer sets out to write potentially vulnerable code, but there are myriad reasons why coding errors happen, and developers, under constant pressure to deliver applications faster, work in an environment of unrelenting rapid development and release frequency. Developers are only human and susceptible to making mistakes, especially when under pressure, so they need education and tools that empower them to ensure optimum code security and avoid handing more opportunities to malicious actors.
Software development is a complex and fast-evolving environment, and to understand the challenges developers face, we commissioned our 2021 DevOps Secure Coding Education Survey, interviewing over 800 Global Developers to understand their thoughts and views on the security education techniques being used both now and in the future. The survey was conducted between April and July 2021 by online news source Cyber Security Hub and Checkmarx.
The good news is that 7 in 10 Global Developers know that secure coding education is an absolute necessity and an additional 26% say that it is a “nice-to-have”.
Developers lack confidence in code security
Ultimately, Global Developers see countless potential benefits from more secure coding education, but often they believe their organization doesn’t prioritize this effort. In fact, 7 in 10 Global Developers say that secure coding education is an absolute necessity. Overall, 97% of surveyed respondents said that secure coding education is either an “absolute necessity” or “nice-to-have”.
However, 72% of respondents feel that the secure coding education they currently receive is less than adequate, with only 25% saying that the secure coding education they receive is sufficient.
As a result, fewer than 3 in 10 Global Developers are confident that the code they develop and deliver is secure.
Previously, in an on-premises environment, infrastructure, application, and workload security was the domain of the operations and security teams. Now, as organizations move to modern application development and cloud-native environments, security becomes more of a shared responsibility with many different stakeholders. To this point, in our survey, 81% of Global Developers view secure code as a shared responsibility between developers, the security team, and the overall organization.
The benefits of training are well recognized
Likewise, they are keen to receive more training and see many benefits from both an organizational and a personal perspective. In terms of how this training is delivered, nearly two-thirds of Global Developers want interactive or video-based secure coding education. However, no matter the method, developers see many personal and organizational benefits from the right training.
The benefits to both the organization and the individual are well understood. 42% of survey respondents say that with better secure coding education, they would code more securely. 24% say they would save time for both themselves and the organization. 22% say they could develop even more code. And nearly 10% say they would save the organization money, deliver cost efficiencies, and need fewer resources. Finally, 3% would remain working at the organization for longer.
Embedding security throughout the software development lifecycle
Clearly it is time for organizations to build a software development culture that emboldens their developers to think and act securely in every way. Here at Checkmarx, we empower developers to write more-secure code with the right tactics, tools, and integrations that embed security throughout the software development life cycle (SDLC). Our Codebashing solution is the AppSec training platform developers actually enjoy. Our just-in-time, targeted, gamified lessons cover exactly what devs need to know, when they need to know it. Codebashing teaches developers the principles of secure coding, and helps them hone their application security skills in the most efficient way. This way, teams can ensure that the software applications they release are better protected from attacks.