Given the recent rise in the number of cyber-attacks, one might think that developers are taking every step they can to strengthen their cyber defenses. However, a recent report revealed that this is not the case.
As per a report from Secure Code Warrior, titled “State of Developer-Driven Security 2022,” 86% of the developers stated that they do prioritize application security while writing code. Secure Code Warrior took a survey of more than 1,200 developers and discovered that they are not confident in their code safety from common security vulnerabilities. Moreover, only 29% of the respondents stated they think that writing code free of vulnerabilities should be prioritized.
While developers are keen to do right by the standards to prioritize security, their working environment does not also create an environment that makes it easy for them to make it a priority. More often than not, the tools and the methods they are utilizing to deploy applications are just enough for them to “get by” the security instead of actively reducing risk. This makes it harder for them to align their priorities with the cybersecurity team.
Even with the continuous rise of malware and ransomware attacks occurring on a daily basis, many developers are failing to take the precautionary measure to ensure their code will remain safe once it is deployed ahead of time. Most developers concentrate on tackling issues with the code only after they emerge. Therefore, business executives must communicate these to their developer team.
Business executives within the firm should collaborate with their tech counterparts to help them clearly define best security practices related to writing code in their day-to-day tasks as well as the expectation of the firm. They should also systemize secure coding standards and help them change their behavior that reinforces good coding practices and enables security at speed.
A few more interesting findings of the survey are as follows:
- 36% of respondents attribute the priority to meeting deadlines as the cause behind vulnerabilities in their code.
- 33% of the respondents are unsure what factors make their code vulnerable.
- 30% of the respondents believe their in-house security training could be significantly improved if it delivers more practical training consisting of real-world scenarios and outcomes.
- 30% of the respondents stated that their most significant issue with the implementation and practice of securing code is dealing with vulnerabilities that co-workers introduce.
Combatting issues associated with coding vulnerabilities requires business executives to remove obstacles when developing code. They should actively try to remove time constraints when developing code as it is a major hurdle for developers, stated by 24% of the survey respondents. Additionally, the management should ensure that their developers have access to high-quality training that specifically trains them on how to implement secure coding, as cited by 20% of the respondents. This will help organizations to eliminate vulnerabilities while simultaneously having fewer security breaches.