The State of Developer-Driven Security Survey

The Secure Code Warrior ‘State of Developer-Driven Security’ survey was conducted by Evans Data Corp in December of 2021.

Questions about software coding, security awareness, training, support, motivations, and other issues were asked of 1,200 active software developers working in the Asia-Pacific region, Europe and North America. The survey was given in English and translated when needed to obtain an accurate global perspective. Survey respondents included managers from within the development community as well as coders who are actively creating new applications.

The margin of error for the survey is 2.7%. Where appropriate, results from the 2021 survey have been compared with another survey that Secure Code Warrior commissioned in 2020.

Introduction

Many organizations are still employing traditional software development methodologies while navigating an ever-changing landscape of cybersecurity risks and demands.

Security professionals know they must implement and maintain strategies to get closer to a DevSecOps, or even DevOps, approach if they are to defend against current threats. The coveted goal of DevSecOps considers security at the very beginning of the software development lifecycle (SDLC) and enables developers to share the responsibility without sacrificing speed. A key element of that is to shift security left – or rather start left – so that developers prioritize security alongside features and functionality. When it’s done right, security-skilled developers improve productivity by reducing vulnerabilities that create rework, maintain software release velocity, and ensure quality code without compromising innovation.

But, despite the vast array of security measures adopted by organizations, we continue to feel the repercussions of exploitable software vulnerabilities.

For the 2nd year, Secure Code Warrior has commissioned research with Evans Data Corp to survey 1,200 developers globally to understand the skills, perceptions, and behaviors when it comes to secure coding practices, and their impact and perceived relevancy in the SDLC.