Developers have motivations to learn about secure coding…so why aren’t they?
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
.webp)
.avif)
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program?
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demo
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start. Drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demo
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
This article was written by Secure Code Warrior's team of industry experts, committed to empowering developers with the knowledge and skills to build secure software from the start. Drawing on deep expertise in secure coding practices, industry trends, and real-world insights.
When it comes to learning about secure coding, what are the primary motivations for developers, and how can they be leveraged to design and implement a successful application security program? In 2020, Secure Code Warrior engaged with Evans Data Corp. to conduct primary research into developers’ attitudes towards secure coding, secure code practices, and security operations.
When surveyed, developers claim they see the value in secure code training. And 80% of development managers say they’re more likely to hire developers with secure coding skills. So with these skills in such high demand, why is there still such a shortage of security-trained developers?
Lack of motivation on the part of developers does not seem to be the core issue. Developers are motivated and when asked about the sources of their motivation for learning secure code training, this is what they told us:
- 35% of respondents were driven by company-related concerns
- 24% were motivated for personal reasons
- 41% were driven by both personal and company motivations.
And when we dug a little deeper, we found that the top 5 personal motivators for secure code training are:
- Increased productivity and efficiency
- Curiosity/personal interest
- Avoidance of problems caused by insecure code
- Potential career advancement
- More efficient use of human resources
When considering company-centric motivations, developers understand how learning secure code practices might increase productivity. Managers can see how practicing secure coding might allow for more efficient use of their human resources. And while motivations differ from region to region, on a global scale, the desire for increased productivity and efficiency remains the one constant.
That said, developers are not always driven to learn about secure coding by external factors, such as employer demands. In many cases, decisions are self-motivated. Developers care about what they create and are proud of their work, as is shown when we look at the top four reasons that attract developers to study secure coding. While 25% of developers say they want to create value for their companies, the same percentage say that they would like to enhance the quality of their code. For others, it’s all about kudos, visibility, and recognition in the workplace. 70% say that they are recognized by their company when secure code is written. And, as previously stated, 80% of development managers are more likely to hire developers with secure coding skills.
Developers are motivated – so why are they not more engaged?
If security skilled developers are so valued and the motivation to learn is there, why are they in such short supply?
As we’ve seen, developers have clear reasons to increase their secure coding skills, but remain averse to much of the current security training out there. Very few seek it out. Based on this research, we believe the answer is relatively simple: The current secure coding training available is inadequate, because it fails to fully address the key factors that attract developers to secure coding in the first place.
Let’s look at each of these factors.
When it comes to increasing value and efficiency and enhancing the quality of their code, developers need training that makes secure coding intrinsic to their daily process. They need the skills to identify and fix vulnerabilities as they code – right from the start. For maximum relevance and immediate applicability, that training should take place in the specific language:framework they use every day. Traditional training approaches don’t deliver this and many developers find them incredibly boring and irrelevant.
As champions of change in secure coding, Secure Code Warrior makes secure coding a positive and engaging experience for developers. We believe training must be delivered in a way that inspires developers to want to learn. This calls for ‘hands-on, interactive and work relevant simulations and challenges that inspire participants to bake security features into their code right from the start. This highly interactive developer-centric training approach places developers motivations to learn at the heart of your application security program. If you'd like to see how it all comes together, book a demo now.
Table of contents
Secure Code Warrior makes secure coding a positive and engaging experience for developers as they increase their skills. We guide each coder along their own preferred learning pathway, so that security-skilled developers become the everyday superheroes of our connected world.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Benchmarking Security Skills: Streamlining Secure-by-Design in the Enterprise
Finding meaningful data on the success of Secure-by-Design initiatives is notoriously difficult. CISOs are often challenged when attempting to prove the return on investment (ROI) and business value of security program activities at both the people and company levels. Not to mention, it’s particularly difficult for enterprises to gain insights into how their organizations are benchmarked against current industry standards. The President’s National Cybersecurity Strategy challenged stakeholders to “embrace security and resilience by design.” The key to making Secure-by-Design initiatives work is not only giving developers the skills to ensure secure code, but also assuring the regulators that those skills are in place. In this presentation, we share a myriad of qualitative and quantitative data, derived from multiple primary sources, including internal data points collected from over 250,000 developers, data-driven customer insights, and public studies. Leveraging this aggregation of data points, we aim to communicate a vision of the current state of Secure-by-Design initiatives across multiple verticals. The report details why this space is currently underutilized, the significant impact a successful upskilling program can have on cybersecurity risk mitigation, and the potential to eliminate categories of vulnerabilities from a codebase.
Secure code training topics & content
Our industry-leading content is always evolving to fit the ever changing software development landscape with your role in mind. Topics covering everything from AI to XQuery Injection, offered for a variety of roles from Architects and Engineers to Product Managers and QA. Get a sneak peak of what our content catalog has to offer by topic and role.
Quests: Industry leading learning to keep developers ahead of the game mitigating risk.
Quests is a learning platform that helps developers mitigate software security risks by enhancing their secure coding skills. With curated learning paths, hands-on challenges, and interactive activities, it empowers developers to identify and prevent vulnerabilities.
Resources to get you started
Is Vibe Coding Going to Turn Your Codebase Into a Frat Party?
Vibe coding is like a college frat party, and AI is the centerpiece of all the festivities, the keg. It’s a lot of fun to let loose, get creative, and see where your imagination can take you, but after a few keg stands, drinking (or, using AI) in moderation is undoubtedly the safer long-term solution.
The Decade of the Defenders: Secure Code Warrior Turns Ten
Secure Code Warrior's founding team has stayed together, steering the ship through every lesson, triumph, and setback for an entire decade. We’re scaling up and ready to face our next chapter, SCW 2.0, as the leaders in developer risk management.
Developer-driven coding.
Securely.
Contact us today and make software security an intrinsic part of your development process.
