The majority of developers view security as integral to the coding and development process, but lack the support of a security expert, Whitehat Security found.
WhiteHat Security released a report on Thursday revealing the gap between cybersecurity concerns and cybersecurity support involving applications. The majority (85%) of developers ranked security as very important to the coding and development process, and 75% said they worry about the security of these apps, the report found.
Despite these concerns, nearly half of their teams lack an established cybersecurity expert. In place of a dedicated expert, 57% of participants said they incorporate app security tools. Respondents said they use these tools to scan for vulnerabilities daily (33%), weekly (29%), and monthly (20%), the report found.
WhiteHat Security’s Developer Security Sentiment Study surveyed more than 100 industry professionals during DeveloperWeek Austin. Apps are not new to vulnerability: In 2018, 85% of mobile apps contained at least one common security vulnerability, a previous WhiteHat Security report found.
This most recent study found that mobile app security is an ongoing problem. Some 43% of respondents said they still prioritize meeting their app release deadlines over security measures. With pressure to deliver functional apps by certain dates, coders either disregard security or take shortcuts to meet the deadline, the report found.
Nearly 60% of developers said they are aware security should be a priority, but the pressure of meeting a deadline prevents them from treating it as such. Because of these pressures, more than half (52%) of respondents said they’ve experienced burnout. Burnout can be detrimental to an employee’s physical and mental health, as well as have a negative impact on job performance, according to the report.
« While developers’ concerns about securing their code are on an upward trajectory, it’s clear the industry has a long way to go. Developers are on the front lines when it comes to protecting their organizations from cyberattacks, and they need the right tools and training to handle this burden, » Joseph Feiman, chief strategy officer at WhiteHat Security, said in the press release.
« With applications being increasingly targeted by digital adversaries, it is vital that organizations and developers incorporate standard security protocols within DevOps, a practice known as DevSecOps, » Feiman said in the release. « This should include regular cybersecurity training, an application security team lead and a holistic application security platform that can identify vulnerabilities in development, deployment and beyond. »
Despite the advice to undergo security training, 70% of developers said they have not received any security certifications in their current or prior roles, the report found.
Technical skills aren’t the only necessary skills for developers, however. The report found that soft skills are becoming increasingly important, with 49% of developers reporting teamwork and interpersonal skills as the most essential.
Tech professionals in particular need to focus on soft skills, as those haven’t historically been as critical to their jobs. Modern day tech jobs, however, make soft skills a priority. The majority of HR professionals (67%) said they have withheld job offers from a qualified IT candidate because they lack soft skills, a West Monroe Partners report found.