86% of developers don’t prioritize application security

2022-04-07 05:00

While many developers acknowledge the importance of applying a security-led approach in the software development lifecycle, 86% do not view application security as a top priority when writing code.

These are primarily due to time constraints to meet deadlines, or developers not having enough training or guidance on how to implement secure coding from their managers.

Training remains a major influence over developers' application of secure coding as 81% are utilizing the knowledge gleaned from training on a near-daily basis.

While many developers are utilizing training mechanisms on a daily basis, the research found that 67% are still knowingly shipping vulnerabilities in their code.

"Developers want to do the right thing, and while they are starting to care more about security, their working environment doesn't always make it easy for them to make it a priority. Often, the tools at their disposal - and methods they are deploying - result in 'getting by', rather than actively reducing risk, and their priorities remain misaligned with the security team," said Pieter Danhieux, CEO, Secure Code Warrior.

"While organizations encourage secure coding practices, developers are unclear on how they are defined in their day-to-day work, and what is expected of them. To reach a higher standard of code quality, organizations must formalize secure coding standards as they apply to developers, and guide a change in behavior that reinforces good coding patterns and enables security at speed."

News URL

https://www.helpnetsecurity.com/2022/04/07/developers-software-security/

#developer #security