Media Release

Secure Code Warrior Survey Finds 86% of Developers Do Not View Application Security As a Top Priority

April 5, 2022

Only 29% of developers believe that writing vulnerability-free code should be prioritized 

SYDNEY, Australia - April 5, 2022 - Secure Code Warrior, the global, developer-driven security leader, released findings from its annual ‘The State of Developer-Driven Security’ 2022 survey, which found that developers’ actions and attitudes toward software security are in conflict. While many developers acknowledge the importance of applying a security-led approach in the software development lifecycle, 86% do not view application security as a top priority when writing code. 

The research found that more than half of the 1200 developers surveyed are unable to ensure that their code is protected from seven common vulnerabilities. This is a contributing factor to another major finding – that only 29% of developers believe the active practice of writing code free of vulnerabilities should be prioritized.

Despite developers and organizations recognizing that threats and vulnerabilities in key applications could have been mitigated earlier in the development process they continue to take reactive steps to address the flaws. Secure Code Warrior pursued this survey to assess how developers can take more proactive steps and be empowered to embrace effective secure coding practices. 

Developers continue to face competing priorities and point to numerous management-related barriers that are preventing them from creating secure code earlier in the software development lifecycle. These are primarily due to time constraints to meet deadlines (24%), or developers not having enough training or guidance on how to implement secure coding from their managers (20%). 

Training remains a major influence over developers’ application of secure coding as 81% are utilizing the knowledge gleaned from training on a near-daily basis. However, while many developers are utilizing training mechanisms on a daily basis, the research found that 67% are still knowingly shipping vulnerabilities in their code. The findings show that different training experiences are needed now more than ever. One out of four developers want more training guided by self-paced multimedia and one out of five believe training would be perceived as greatly improved if an industry certification was an outcome. 

“Developers want to do the right thing, and while they are starting to care more about security, their working environment doesn't always make it easy for them to make it a priority. Often, the tools at their disposal - and methods they are deploying - result in ‘getting by’, rather than actively reducing risk, and their priorities remain misaligned with the security team,” said Pieter Danhieux, Co-founder and CEO, Secure Code Warrior.

“While organizations encourage secure coding practices, developers are unclear on how they are defined in their day-to-day work, and what is expected of them. To reach a higher standard of code quality, organizations must formalize secure coding standards as they apply to developers, and guide a change in behavior that reinforces good coding patterns and enables security at speed."

The annual survey’s additional findings point to the ongoing hardships developers continue to face in their secure coding journey:

  • 36% attribute the priority of meeting deadlines as a primary reason their coding still possesses vulnerabilities
  • 33% don’t know what makes their code vulnerable 
  • 30% feel that their in-house security training could most be improved if it had more practical training with real world scenarios and outcomes
  • 30% say the biggest concern with the implementation and practice of secure coding is dealing with vulnerabilities introduced by co-workers

To learn more about the “State of Developer-Driven Security 2022” survey, visit www.securecodewarrior.com/blog/where-is-secure-code-in-development-team-priorities.

Survey Methodology: The ‘State of Developer-Driven Security’ 2022 survey is based on responses from 1,200 developers in Asia-Pacific, Europe, and North America. The survey was fielded in December 2021.

About Secure Code Warrior

Secure Code Warrior builds a culture of security-driven developers by giving them the skills to code securely. Our flagship Learning Platform delivers relevant skills-based pathways, hands-on missions, and contextual tools for developers to rapidly learn, build, and apply their skills to write secure code at speed. Established in 2015, Secure Code Warrior has become a critical component for over 450 enterprises including leading financial services, retail, and global technology companies across the world. Visit: www.securecodewarrior.com


Media contact

Carolina Machado

cmachado@securecodewarrior.com

+61 452 265 033

Slogan

Govern AI-driven development before it ships

Measure AI-assisted risk, enforce secure coding policy at commit, and accelerate secure delivery across your SDLC.

book a demo
Slogan

Explore more articles

Lorem ipsum diam quis enim lobortis scelerisque fermentum dui faucibus in ornare quam viverra orci sagittis eu volutpat odio facilisis.

browse all
Case Study
Filter Label
This is some text inside of a div block.

Supercharged Security Awareness: How Tournaments are Inspiring Developers at Erste Group

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

Security as culture: How Blue Prism cultivates world-class secure developers

Learn how Blue Prism, the global leader in intelligent automation for the enterprise, used Secure Code Warrior's agile learning platform to create a security-first culture with their developers, achieve their business goals, and ship secure code at speed

Learn More
Case Study
Filter Label
This is some text inside of a div block.

One Culture of Security: How Sage built their security champions program with agile secure code learning

Discover how Sage enhanced security with a flexible, relationship-focused approach, creating 200+ security champions and achieving measurable risk reduction.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

ITWire: Agentic AI Era Demands Overhaul of Governance Frameworks

The emergence of agentic AI marks a structural shift in software development, introducing systems that not only accelerate production cycles but also perform autonomous reasoning and action beyond direct human control.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

SD Times: Platform Engineering & Developer Experience: Making Engineers Faster Without Making Them Reckless: SD Times 100

This category has taken on new urgency in 2026 for a reason that’s specific to this moment: AI coding tools and agents are dramatically increasing how much code gets written and how often it needs to be deployed, tested, and provisioned for. Platform engineering is the layer that determines whether that increased velocity translates into shipped value or into chaos.

Learn More
Case Study
Filter Label
This is some text inside of a div block.

SecurityWeek: How to Conduct a Successful Audit of AI-Driven Software Development

As AI-generated code becomes commonplace, CISOs need new audit strategies to measure developer practices, govern AI tool usage, and identify software risks before they reach production.

Learn More

Secure AI-driven development before it ships

See developer risk, enforce policy, and prevent vulnerabilities across your software development lifecycle.

Book a demo
trust score