Developers have motivations to learn about secure coding…so why aren’t they?
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program?
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoSecure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior builds a culture of security-driven developers by giving them the skills to code securely. Our flagship Agile Learning Platform delivers relevant skills-based pathways, hands-on missions, and contextual tools for developers to rapidly learn, build, and apply their skills to write secure code at speed.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Click on the link below and download the PDF of this one pager.
DownloadSecure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demoSecure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior builds a culture of security-driven developers by giving them the skills to code securely. Our flagship Agile Learning Platform delivers relevant skills-based pathways, hands-on missions, and contextual tools for developers to rapidly learn, build, and apply their skills to write secure code at speed.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
Table of contents
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
DigitalOcean Decreases Security Debt with Secure Code Warrior
DigitalOcean's use of Secure Code Warrior training has significantly reduced security debt, allowing teams to focus more on innovation and productivity. The improved security has strengthened their product quality and competitive edge. Looking ahead, the SCW Trust Score will help them further enhance security practices and continue driving innovation.
Resources to get you started
Deep Dive: Navigating the Critical CUPS Vulnerability in GNU-Linux Systems
Discover the latest security challenges facing Linux users as we explore recent high-severity vulnerabilities in the Common UNIX Printing System (CUPS). Learn how these issues may lead to potential Remote Code Execution (RCE) and what you can do to protect your systems.
Deep Dive: Navigating the Critical CUPS Vulnerability in GNU-Linux Systems
Discover the latest security challenges facing Linux users as we explore recent high-severity vulnerabilities in the Common UNIX Printing System (CUPS). Learn how these issues may lead to potential Remote Code Execution (RCE) and what you can do to protect your systems.
Coders Conquer Security: Share & Learn - Cross-Site Scripting (XSS)
Cross-site scripting (XSS) uses the trust of browsers and ignorance of users to steal data, take over accounts, and deface websites; it's a vulnerability that can get very ugly, very quickly. Let's take a look at how XSS works, what damage can be done, and how to prevent it.