What is Devlympics?
Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.
During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.
In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.
What developers say about Devlympics and Secure Code Warrior
“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach”
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!”
Developers love Secure Code Warrior
We surveyed over 200 participants after the event, and the numbers show that developers love the competition.
Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.
Industries present at Devlympics
Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.
Languages played by industry
Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.
Can’t stop, won’t stop
Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.
Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!
Full stack developers
In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.
According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.
Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.
Tech stack trends
Secure code is of prime importance in code that is publicly accessible.
Across all industries, developers played using Web or API languages.
Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.
Community of security champions
The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.
As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!
Key vulnerabilities - Web & API
Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.
Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.
CWE top 25 most dangerous software weaknesses
Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.
#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics.
Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.
Weakness in order
The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.
Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.
With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.
Join the growing community
Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!
Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.