Software developers increasingly prioritize secure coding
Software companies and development teams have a long way to go before secure coding becomes part of their culture, but there are signs that both programmers and their companies are taking security more seriously.
While only 14% of developers consider application security their top priority when coding, two-thirds believe that application security will become more important in the next 12 to 18 months, according to a survey of 1,200 active software developers conducted by security training firm Secure Code Warrior and market intelligence firm Evans Data Corp. Code quality, application performance, and solving real-world problems are the three top priorities, accounting for more than half of developers (56%), the survey found.
Companies are showing progress in incorporating secure coding into their development culture but are still facing significant challenges, says Pieter Danhieux, CEO and co-founder of Secure Code Warrior.
“The results are encouraging, in that developers are actively expecting software security to become a higher priority,” he says. “However, there is a chasm there that must be overcome. We know old habits are hard to break, and organizations need to take responsibility for creating environments that foster better code quality and security.”
Secure Code Warrior’s State of Developer-Driven Security 2022 survey aligns with previous studies of developers’ attitudes toward application security. A 2020 survey of open source contributors, for example, found that most programmers wanted to code new features, improve tools, and work on new ideas, while security came in dead last in terms of priority.
This latest survey highlighted that incorporating security into the development pipeline is still challenging. About half of developers (48%) knowingly ship code with vulnerabilities, while another 19% believe that some of their projects have known vulnerabilities.
The developers pointed to a variety of competing forces to explain the lack of focus on security. A quarter of developers (24%), for example, did not have enough time to integrate secure coding at the start of a project, while 19% of developers felt the company did not have a cohesive plan for implementing secure coding.
To read the complete article, visit Dark Reading.