Devlympics 2023: In Review

Published Nov 28, 2023
by
cASE sTUDY

Devlympics 2023: In Review

What is Devlympics?

Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.

During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.

In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.

What developers say about Devlympics and Secure Code Warrior

“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach” 
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!” 

Developers love Secure Code Warrior

We surveyed over 200 participants after the event, and the numbers show that developers love the competition.

94% of participants enjoyed playing in the tournament 90% said they would join next year's event 62% gave the SCW platform a 10/10 rating, with 91% saying they would recommend it to their peers Over 85% said they would definitely use the SCW platform if their organization had access to it full-time

Developer engagement

Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.

Chart showint that Devlympics had 786 players in 2022 and 1472 in 2023, which is 2x growth

Industries present at Devlympics

Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.

Graph showing players in Devlympics per industry. Banking and Financial services were 53% and Technology the runner up with 16% of players

Languages played by industry

Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.

Can’t stop, won’t stop

Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.

Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!

Image showing gameplay for Devlympics. 4152 hours of total gameplay, 2.9 Hours average tima per user on the platform. Top 20, Developers by time played for 14 hours out of 24

Full stack developers

In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.

According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.

Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.

41% of players who competed 2+ languages, vs 23% players who competed in 3+ languages

Tech stack trends

Secure code is of prime importance in code that is publicly accessible.

Across all industries, developers played using Web or API languages.

Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.

Web or API where the most popular language types. Java Spring & Docker Basic were the most played individual languages

Community of security champions

The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.

As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!

Key vulnerabilities - Web & API

Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.

Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.

Top score by vulnerability was the following: XMLExternal Entities XXE 92%, Vulnerable Components 90%, Injection Flaws 89%. Bottom score by vulnerabilities were the following: Cross-site request forgery 70%, Mass assignement 71% , File upload vulnerability 71%

CWE top 25 most dangerous software weaknesses

Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.

#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics. 

Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.


Weakness in order

Conclusion

The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.

Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.

With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.

Join the growing community

Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!

Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.

Download PDF
View Resource
Download PDF
View Resource

Interested in learning more?

Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.

Book a demo
Author

Want more?

Dive into onto our latest secure coding insights on the blog.

Our extensive resource library aims to empower the human approach to secure coding upskilling.

View Blog
Want more?

Get the latest research on developer-driven security

Our extensive resource library is full of helpful resources from whitepapers to webinars to get you started with developer-driven secure coding. Explore it now.

Resource Hub

Devlympics 2023: In Review

Published Jan 22, 2024
By

What is Devlympics?

Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.

During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.

In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.

What developers say about Devlympics and Secure Code Warrior

“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach” 
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!” 

Developers love Secure Code Warrior

We surveyed over 200 participants after the event, and the numbers show that developers love the competition.

94% of participants enjoyed playing in the tournament 90% said they would join next year's event 62% gave the SCW platform a 10/10 rating, with 91% saying they would recommend it to their peers Over 85% said they would definitely use the SCW platform if their organization had access to it full-time

Developer engagement

Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.

Chart showint that Devlympics had 786 players in 2022 and 1472 in 2023, which is 2x growth

Industries present at Devlympics

Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.

Graph showing players in Devlympics per industry. Banking and Financial services were 53% and Technology the runner up with 16% of players

Languages played by industry

Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.

Can’t stop, won’t stop

Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.

Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!

Image showing gameplay for Devlympics. 4152 hours of total gameplay, 2.9 Hours average tima per user on the platform. Top 20, Developers by time played for 14 hours out of 24

Full stack developers

In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.

According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.

Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.

41% of players who competed 2+ languages, vs 23% players who competed in 3+ languages

Tech stack trends

Secure code is of prime importance in code that is publicly accessible.

Across all industries, developers played using Web or API languages.

Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.

Web or API where the most popular language types. Java Spring & Docker Basic were the most played individual languages

Community of security champions

The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.

As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!

Key vulnerabilities - Web & API

Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.

Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.

Top score by vulnerability was the following: XMLExternal Entities XXE 92%, Vulnerable Components 90%, Injection Flaws 89%. Bottom score by vulnerabilities were the following: Cross-site request forgery 70%, Mass assignement 71% , File upload vulnerability 71%

CWE top 25 most dangerous software weaknesses

Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.

#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics. 

Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.


Weakness in order

Conclusion

The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.

Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.

With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.

Join the growing community

Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!

Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.

We would like your permission to send you information on our products and/or related secure coding topics. We’ll always treat your personal details with the utmost care and will never sell them to other companies for marketing purposes.

To submit the form, please enable 'Analytics' cookies. Feel free to disable them again once you're done.