Developers get more confident in security but are still spending too much time on it

New research shows increasing confidence among developers at large organizations with regards to knowledge gained from security training, but they are still spending a considerable amount of time on security-related tasks.

The study from Checkmarx looks at the current practices of development teams in large enterprises as they work toward more mature states of development, security and operations (DevSecOps).

It finds 21 percent of developers surveyed say that security is their top priority when coding. 99.6 percent of developers have access to security training and of those, 90 percent rank the effectiveness of the training they receive as medium or high.

In addition 41.53 percent of responding developers report that they understand the vulnerability tickets they receive, as well as how the vulnerability manifests during runtime, for 41 to 60 percent of the time.

Security is time consuming though, 72 percent of developers say they spend more than 17 hours each week on security-related tasks and one in four spends more than 25 hours.

"The massive increase in the number of development teams and DevOps pipelines within large organizations shows how critical it is for DevOps and security teams to build a shared culture for successful collaboration," says Martin Lindsay, vice president of regional marketing at Checkmarx. "With the ultimate goal of delivering high-performing code -- which, by definition is secure code -- these two teams are finding that improving the developer experience with application security is just the first step and that security must find a way to match the pace of agile development."

From the enterprise perspective the study finds that most large organizations are working towards and committed to achieving mature DevSecOps. 30 percent have moved beyond focusing only on the developer experience to building more sophisticated processes while 28.3 percent are tracking mean time to remediate as a metric. 45 percent are measuring code security and 46.27 percent are tracking ability to meet deadlines.

The full report is available from the Checkmarx site.

Image credit: Vadymvdrobot/depositphotos.com

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.