Industry Observations-Technical Insight

Developers Care about Security: Myth or Reality?

Question: Why did the developer quit his job?

Answer: Because he didn’t get arrays!

 

Cheesy jokes apart, did you know the average time a developer stays in a job ranges from 12 to 18 months in the US*?  When you are making moves that frequently, it is SO important to stay competitive and at the top of your game.

Here’s how you can stay competitive – BE A SECURE DEVELOPER!

As more and more organizations are embracing agile, fast waterfall, DevOps methodologies, a key cultural shift is happening towards bringing security closer to developers. Your business wants to enable you to incorporate security into your day-to-day workflow. But do you do it? In this blog, I’ll attempt to shed light on three common myths when it comes to developers’ attitude towards security.

 

Myth or Reality?  Developers don’t care about security

This is most definitely a myth. While developers by nature are focused on releasing new features, functionality, products faster and are inclined to make the code work, implying that they don’t want to release secure code, would be wrong. Developers WANT to write secure code and do the right thing by making sure that secure applications are deployed to production.

This brings me to the second point.

 

Myth or Reality?  Developers have all the tools and skills necessary to write secure code.

This is a myth. Software security and secure code development is typically not a part of standard educational programs. Sometimes, developers just don’t know enough about application security and how to write secure code.

To adequately prepare computer science graduates for current and future cybersecurity challenges, security and secure coding can no longer be elective or relegated to a track for select students. All computing students should learn secure coding, starting with their first programming course, and security principles should be reiterated throughout the computer science curriculum.

How do you change that? Be proactive. Learn how you can incorporate secure coding best practices into your continuing education. Take the WhiteHat Certified Secure Developer program for example – last year more than 3,300 developers took this free certification program and more than 500 got certified in secure coding.  This year, we’ve attracted almost 1,000 more registrants for the free program, reinforcing the interest that developers DO have in learning securing coding best practices.

 

Myth or Reality?  Security is everyone’s responsibility

This is spot-on true. Our digital lives are such an integral part of our physical lives. Our digital lives are driven by applications that make digital experiences such as paying bills online, checking medical records, and sharing pics with friends and family possible. And the security of these applications is the responsibility of everyone in the organization, right from developers, to security teams, to the executive leadership, even the board. But as creators of these applications, developers are the front line.

 

Helpful links: