Developers have motivations to learn about secure coding…so why aren’t they?
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
.avif)
.avif)
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program?
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demo
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start. Drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demo
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start. Drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
Table of contents
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
AI Coding Assistants: A Guide to Security-Safe Navigation for the Next Generation of Developers
Large language models deliver irresistible advantages in speed and productivity, but they also introduce undeniable risks to the enterprise. Traditional security guardrails aren’t enough to control the deluge. Developers require precise, verified security skills to identify and prevent security flaws at the outset of the software development lifecycle.
Secure by Design: Defining Best Practices, Enabling Developers and Benchmarking Preventative Security Outcomes
In this research paper, Secure Code Warrior co-founders, Pieter Danhieux and Dr. Matias Madou, Ph.D., along with expert contributors, Chris Inglis, Former US National Cyber Director (now Strategic Advisor to Paladin Capital Group), and Devin Lynch, Senior Director, Paladin Global Institute, will reveal key findings from over twenty in-depth interviews with enterprise security leaders including CISOs, a VP of Application Security, and software security professionals.
Resources to get you started
Setting the Standard: SCW Releases Free AI Coding Security Rules on GitHub
AI-assisted development is no longer on the horizon — it’s here, and it’s rapidly reshaping how software is written. Tools like GitHub Copilot, Cline, Roo, Cursor, Aider, and Windsurf are transforming developers into co-pilots of their own, enabling faster iteration and accelerating everything from prototyping to major refactoring projects.
Close the Loop on Vulnerabilities with Secure Code Warrior + HackerOne
Secure Code Warrior is excited to announce our new integration with HackerOne, a leader in offensive security solutions. Together, we're building a powerful, integrated ecosystem. HackerOne pinpoints where vulnerabilities are actually happening in real-world environments, exposing the "what" and "where" of security issues.
Revealed: How the Cyber Industry Defines Secure by Design
In our latest white paper, our Co-Founders, Pieter Danhieux and Dr. Matias Madou, Ph.D., sat down with over twenty enterprise security leaders, including CISOs, AppSec leaders and security professionals, to figure out the key pieces of this puzzle and uncover the reality behind the Secure by Design movement. It’s a shared ambition across the security teams, but no shared playbook.
Developer-driven coding.
Securely.
Contact us today and make software security an intrinsic part of your development process.
