If you follow the daily updates of the tech world, security problems are one of the most common affairs. While a lot of the blame game goes around these security goof-ups, one part of it belongs to developers who write bad code.
A recent GitLab survey reveals that 69% of developers feel that they’re expected to write secure code. However, 49% of the security professionals surveyed confessed they face a hard time in trying to get developers to patch up a vulnerability on a priority basis.
In fact, 68% of security pros believe that less than half of developers are capable enough to spot security problems later in the lifecycle (ouch!). Nearly half of the security respondents said that they find bugs mostly after the code has been merged into a test environment.
The report was published by GitLab after surveying over 4,000 respondents. They also found that making security teams a part of DevOps is a good practice. In such cases, the likelihood of discovering bugs increases 3 times and they are detected even before the code is merged.
While it is a known fact that security must be included in the development lifecycle, the actual practices are far from it. GitLab’s survey highlights this gap and once again confirms the longstanding animosity between developers and security professionals.
Another big problem is that many software companies don’t take security seriously. Only 25% of developers participating in the survey rated their security practices as being good.
Roughly 44% of participants said that they are not judged on the security vulnerabilities present in the code.
This behavior isn’t really a surprise in companies where there is pressure to release code under deadlines and no one’s really paying attention to security. This is where developers cut corners on security.
It’s clear from the GitLab report that the majority of companies still have a long way to go before they can achieve DevSecOps nirvana.