Software Developers and Security
According to a survey: “68% of the security professionals surveyed believe it’s a programmer’s job to write secure code, but they also think less than half of developers can spot security holes.” And that’s a problem.
Nearly half of security pros surveyed, 49%, said they struggle to get developers to make remediation of vulnerabilities a priority. Worse still, 68% of security professionals feel fewer than half of developers can spot security vulnerabilities later in the life cycle. Roughly half of security professionals said they most often found bugs after code is merged in a test environment.
At the same time, nearly 70% of developers said that while they are expected to write secure code, they get little guidance or help. One disgruntled programmer said, “It’s a mess, no standardization, most of my work has never had a security scan.”
Another problem is it seems many companies don’t take security seriously enough. Nearly 44% of those surveyed reported that they’re not judged on their security vulnerabilities.
RealFakeNews • July 25, 2019 12:53 AM
Part of the problem is:
To fix this problem, developers need to actually THINK before they write, and actually need to THINK about what it is they’re writing.
Far too many developers write code without any regard for what the end-goal or use actually is, and many things are afterthoughts, if they ever get thought about at all.
Far too many people are writing software who shouldn’t be. It’s too easy to do but requires much understanding and thought to do it properly. Most fail at this basic task.