Blog

Developers have motivations to learn about secure coding…so why aren’t they?

Secure Code Warrior
Published Apr 06, 2021

When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).

When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers? 

Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:

  • 35% of respondents were driven by company-related concerns
  • 24%  were motivated for personal reasons
  • 41% were driven by both personal and company motivations. 

And when we  dug a little deeper, we found that the top 5 personal motivators for secure code training are:

  1. Increased productivity and efficiency
  2. Curiosity/personal interest
  3. Avoidance of problems caused by insecure code
  4. Potential career advancement
  5. More efficient use of human resources

When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.  

That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.

Developers are motivated – so why are they not more engaged? 


If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?

As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.

Let’s look at each of these factors. 

When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this  and many developers find them incredibly boring and irrelevant.  

As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.




View Resource
View Resource

When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program?

Interested in more?

Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Share on:
Author
Secure Code Warrior
Published Apr 06, 2021

Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

Secure Code Warrior builds a culture of security-driven developers by giving them the skills  to code securely. Our flagship Agile Learning Platform delivers relevant skills-based pathways,  hands-on missions, and contextual tools for developers to rapidly learn, build, and apply  their skills to write secure code at speed.

Share on:

When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).

When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers? 

Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:

  • 35% of respondents were driven by company-related concerns
  • 24%  were motivated for personal reasons
  • 41% were driven by both personal and company motivations. 

And when we  dug a little deeper, we found that the top 5 personal motivators for secure code training are:

  1. Increased productivity and efficiency
  2. Curiosity/personal interest
  3. Avoidance of problems caused by insecure code
  4. Potential career advancement
  5. More efficient use of human resources

When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.  

That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.

Developers are motivated – so why are they not more engaged? 


If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?

As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.

Let’s look at each of these factors. 

When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this  and many developers find them incredibly boring and irrelevant.  

As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.




View Resource
View Resource

Fill out the form below to download the report

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

Submit
To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.

When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).

When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers? 

Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:

  • 35% of respondents were driven by company-related concerns
  • 24%  were motivated for personal reasons
  • 41% were driven by both personal and company motivations. 

And when we  dug a little deeper, we found that the top 5 personal motivators for secure code training are:

  1. Increased productivity and efficiency
  2. Curiosity/personal interest
  3. Avoidance of problems caused by insecure code
  4. Potential career advancement
  5. More efficient use of human resources

When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.  

That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.

Developers are motivated – so why are they not more engaged? 


If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?

As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.

Let’s look at each of these factors. 

When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this  and many developers find them incredibly boring and irrelevant.  

As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.




Interested in more?

Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

Click on the link below and download the PDF of this one pager.

Download

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

View reportBook a demo
Share on:
Interested in more?

Share on:
Author
Secure Code Warrior
Published Apr 06, 2021

Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

Secure Code Warrior builds a culture of security-driven developers by giving them the skills  to code securely. Our flagship Agile Learning Platform delivers relevant skills-based pathways,  hands-on missions, and contextual tools for developers to rapidly learn, build, and apply  their skills to write secure code at speed.

Share on:

When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations (download whitepaper here).

When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers? 

Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:

  • 35% of respondents were driven by company-related concerns
  • 24%  were motivated for personal reasons
  • 41% were driven by both personal and company motivations. 

And when we  dug a little deeper, we found that the top 5 personal motivators for secure code training are:

  1. Increased productivity and efficiency
  2. Curiosity/personal interest
  3. Avoidance of problems caused by insecure code
  4. Potential career advancement
  5. More efficient use of human resources

When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.  

That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.

Developers are motivated – so why are they not more engaged? 


If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?

As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.

Let’s look at each of these factors. 

When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this  and many developers find them incredibly boring and irrelevant.  

As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.




Table of contents

View Resource
Interested in more?

Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demoDownload
Share on:
Resource hub

Resources to get you started

More posts
Resource hub

Resources to get you started

More posts