WhiteHat Security, an independent subsidiary of NTT Security and a leading application security provider, today released the results of its “Developer Security Sentiment Study,” based on a survey of 103 industry professionals at DeveloperWeek Austin. The research revealed that while nearly 75% of developers worry about the security of their applications and 85% rank security as very important in the coding and development process, nearly half of their teams lack a dedicated cybersecurity expert.
While 57% of participants feel their teams have the right application security tools in place to incorporate security into the software development lifecycle (SDLC), 14% do not feel that they’ve been given the proper solutions to do so, and one-third weren’t sure what their company provided. For those respondents who do utilize application security tools, 33% scan for vulnerabilities daily, 29% weekly and 20% monthly; this means that 82% scan their applications monthly at a minimum. The remaining 18% scanned either quarterly, annually or at random.
Surprisingly, 43% of respondents still focus on meeting their application release deadlines over security, which echoes an ongoing issue in the development community. Often, pressures to deliver a functional application by these dates cause coders to take security shortcuts or disregard it altogether. However, a promising 57% are realizing that application security should be a key part of the SDLC—and are prioritizing security practices over these demanding deadlines.
Regardless, more than half (52%) of participants have experienced burnout as a result of the intense pressures to deliver the applications on time—and securely. When employees are burnt out, their performance can lag, impacting their personal life, professional growth and their company’s deliverables.
“While developers’ concerns about securing their code are on an upward trajectory, it’s clear the industry has a long way to go. Developers are on the front lines when it comes to protecting their organizations from cyberattacks, and they need the right tools and training to handle this burden,” said Joseph Feiman, chief strategy officer, WhiteHat Security. “With applications being increasingly targeted by digital adversaries, it is vital that organizations and developers incorporate standard security protocols within DevOps, a practice known as DevSecOps. This should include regular cybersecurity training, an application security team lead and a holistic application security platform that can identify vulnerabilities in development, deployment and beyond.”
Interestingly, despite this advice, 70% of developers have not received security certifications in their current or prior roles, and only 30% have. Developer respondents also provided insight into the skills needed in the field. While coding and security chops are important, soft skills are becoming more highly valued than ever when hiring new talent. Turns out, it’s all about the wider group and shared responsibility. Forty-nine percent of developers say teamwork and interpersonal skills are most essential, with problem solving following in second place at 34%. Fourteen percent ranked communications and writing as most important, while leadership was ranked least important. To learn more about WhiteHat Security, visit https://www.whitehatsec.com.
About WhiteHat Security
WhiteHat Security is the leading advisor for application security with the most comprehensive platform powered by artificial and human intelligence. Trusted for nearly two decades by mid-sized to Fortune 500 organizations, WhiteHat Security empowers secure DevOps by continuously assessing the risk of software assets throughout the software development life cycle (SDLC). The company is an independent, wholly owned subsidiary of NTT Security and is based in San Jose, California, with regional offices across the U.S. and Europe. For more information, visit www.whitehatsec.com.