Devlympics 2023: In Review
What is Devlympics?
Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.
During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.
In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.
What developers say about Devlympics and Secure Code Warrior
“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach”
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!”
Developers love Secure Code Warrior
We surveyed over 200 participants after the event, and the numbers show that developers love the competition.
Developer engagement
Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.
Industries present at Devlympics
Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.
Languages played by industry
Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.
Can’t stop, won’t stop
Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.
Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!
Full stack developers
In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.
According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.
Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.
Tech stack trends
Secure code is of prime importance in code that is publicly accessible.
Across all industries, developers played using Web or API languages.
Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.
Community of security champions
The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.
As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!
Key vulnerabilities - Web & API
Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.
Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.
CWE top 25 most dangerous software weaknesses
Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.
#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics.
Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.
Weakness in order
Conclusion
The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.
Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.
With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.
Join the growing community
Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!
Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.
Explore the Devlympics 2023 results in this report. Dive into developer engagement, tech stack and languages trends in each industry that participated, and key vulnerabilities and CWEs covered in the annual global event hosted by Secure Code Warrior.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoWhat is Devlympics?
Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.
During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.
In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.
What developers say about Devlympics and Secure Code Warrior
“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach”
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!”
Developers love Secure Code Warrior
We surveyed over 200 participants after the event, and the numbers show that developers love the competition.
Developer engagement
Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.
Industries present at Devlympics
Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.
Languages played by industry
Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.
Can’t stop, won’t stop
Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.
Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!
Full stack developers
In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.
According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.
Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.
Tech stack trends
Secure code is of prime importance in code that is publicly accessible.
Across all industries, developers played using Web or API languages.
Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.
Community of security champions
The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.
As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!
Key vulnerabilities - Web & API
Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.
Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.
CWE top 25 most dangerous software weaknesses
Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.
#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics.
Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.
Weakness in order
Conclusion
The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.
Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.
With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.
Join the growing community
Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!
Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.
What is Devlympics?
Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.
During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.
In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.
What developers say about Devlympics and Secure Code Warrior
“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach”
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!”
Developers love Secure Code Warrior
We surveyed over 200 participants after the event, and the numbers show that developers love the competition.
Developer engagement
Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.
Industries present at Devlympics
Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.
Languages played by industry
Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.
Can’t stop, won’t stop
Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.
Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!
Full stack developers
In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.
According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.
Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.
Tech stack trends
Secure code is of prime importance in code that is publicly accessible.
Across all industries, developers played using Web or API languages.
Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.
Community of security champions
The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.
As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!
Key vulnerabilities - Web & API
Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.
Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.
CWE top 25 most dangerous software weaknesses
Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.
#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics.
Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.
Weakness in order
Conclusion
The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.
Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.
With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.
Join the growing community
Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!
Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.
Click on the link below and download the PDF of this resource.
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
View reportBook a demoSecure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoWhat is Devlympics?
Devlympics is an annual global tournament hosted by Secure Code Warrior on its agile learning platform to test the secure code skills of developers.
During the 24-hour tournament, developers from around the world competed in offensive and defensive coding challenges in their choice of programming languages. Developers had the opportunity to compete against their peers across a range of skills and duke it out to gain points and rise to the top of the leaderboard.
In this report, you’ll get an overview of the Devlympics 2023 results, as well as a deep dive into the strengths and opportunities highlighted by hundreds of developers across the challenges played. Plus, we’ve highlighted trends for each industry, language, and common CWEs (Common Weakness Enumerations) tackled by developers to help take your secure code learning to the next level.
What developers say about Devlympics and Secure Code Warrior
“Secure Code Warrior is a great platform to compete with other participants and improve your skills.”
“Secure Code Warrior takes an interactive, code-review like approach”
“Secure Code Warrior is one of the best platforms that trains you through interesting competition.”
“Exciting, thrilling, and I loved it!”
Developers love Secure Code Warrior
We surveyed over 200 participants after the event, and the numbers show that developers love the competition.
Developer engagement
Developer participation in Devlympics continues to grow year over year, with over 1000 developers playing in the 2023 tournament. Devlympics attracted attention from across the world, from security professionals and developers across multiple industries and programming disciplines. With double the engagement from last year, we are noting a trend in developers becoming more keen on learning how to code securely. By growing a community of security-skilled developers, Devlympics continues to highlight the value of developers as your first line of defense in protecting your code from vulnerabilities.
Industries present at Devlympics
Secure code is important for all industries, but for some particular sectors, it is absolutely mission-critical. Industries like Banking & Financial Services and Technology held the top spots for the number of developers participating. This showcases the importance of these industries’ continued focus and emphasis on secure code.
Languages played by industry
Different industries utilize a variety of programming languages - of which there were 6 different categories (Web, Mobile, Front-End, API, and Cloud, and Mashup) with over 30 different languages available. These were some of the languages we noted were trending for different industries.
Can’t stop, won’t stop
Players in Devlympics spent on average almost 3 hours on the platform - resulting in a total of 4,152 hours of total gameplay.
Some developers at the very top of the leaderboard took it to the next level. The top 20 players with the most play time averaged 14 hours playing in the tournament. Now that’s dedication!
Full stack developers
In Devlympics, 41% of developers played in at least 2 different languages, with almost a quarter playing in 3+ languages.
According to Stack Overflow, developers who commit production code in 2 or more languages are considered full stack developers.
Does your training program ensure developers are trained in all the technologies they commit code in? With over 63 different languages and frameworks offered, the Secure Code Warrior platform has got you covered.
Tech stack trends
Secure code is of prime importance in code that is publicly accessible.
Across all industries, developers played using Web or API languages.
Java Spring and Docker Basic took the top spots as the most played individual languages in the tournament.
Community of security champions
The best of the best competed in this year’s Devlympics - the majority of whom are already Secure Code Warrior customers - and the results reflect this! Across all industries, Devlympics players performed much better than the industry benchmark Secure Code Warrior has noted for Assessments on its platform.
As we continue to build our community of dedicated developer security champions on the Secure Code Warrior platform, we expect these numbers to keep getting more promising every year!
Key vulnerabilities - Web & API
Developers who participated in Devlympics exhibited good skill levels in the OWASP Top 10 categories for Injection Flaws and Vulnerable Third-Party Components. We are optimistic that we will eventually see these vulnerabilities drop from the OWASP Top 10 lists over time.
Mass Assignment is still a major issue. Developer skill level was one of the lower for this particular vulnerability. Given the lack of automated tooling and testing in this space, this is a real cause of concern and should be closely monitored. More education in this space will also help alleviate pressure from security teams dealing with this particular vulnerability.
CWE top 25 most dangerous software weaknesses
Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list provides developers with an annual list of the most common and impactful software weaknesses today.
#1 CWE-787 Memory Corruption, #9 CWE-352 Cross-site Request Forgery, and #10 CWE-434 File Upload were lowest accuracy scores during Devlympics.
Injection-related vulnerabilities such as #3 SWE-89 SQL Injection, #5 CWE-78 OS Command Injection, and #8 CWE-22 Path Traversal were some of the best-scoring CWEs during Devlympics. We expect these vulnerabilities to lower in the pecking order out of the industry lists like the CWE Top 25 or OWASP Top 10 as developers’ skills improve.
Weakness in order
Conclusion
The 2023 Devlympics demonstrates that developers around the world engage and learn while participating in the tournament. The impact will be felt beyond just the pride they feel from competing, but the real-world scenarios make it easy to retain their knowledge and go from practice to application.
Secure Code Warrior is the industry-leading secure code agile learning platform that empowers developers to build the skills they need to write secure code.
With Secure Code Warrior, you can run your own tournament like Devlympics for your development teams. Bring your team together for a fun, gamified competition where they will learn all about locating, identifying, and fixing software vulnerabilities.
Join the growing community
Our vision is to inspire a global community of security-skilled developers to embrace a preventative, secure coding culture. Our focus is to strengthen security resilience by minimizing the occurrence of attacks, threats, and risks, so that you can drive change, innovate, and accelerate. We believe that coaching and mentoring is an integral part of joining our developer community!
Register for Devlympics 2024 and follow us on X to stay up to date on all announcements.
Table of contents
Secure Code Warrior is here for your organization to help you secure code across the entire software development lifecycle and create a culture in which cybersecurity is top of mind. Whether you’re an AppSec Manager, Developer, CISO, or anyone involved in security, we can help your organization reduce risks associated with insecure code.
Book a demoDownloadResources to get you started
Resources to get you started
10 Key Predictions: Secure Code Warrior on AI & Secure-by-Design’s Influence in 2025
Organizations are facing tough decisions on AI usage to support long-term productivity, sustainability, and security ROI. It’s become clear to us over the last few years that AI will never fully replace the role of the developer. From AI + developer partnerships to the increasing pressures (and confusion) around Secure-by-Design expectations, let’s take a closer look at what we can expect over the next year.
OWASP Top 10 For LLM Applications: What’s New, Changed, and How to Stay Secure
Stay ahead in securing LLM applications with the latest OWASP Top 10 updates. Discover what's new, what’s changed, and how Secure Code Warrior equips you with up-to-date learning resources to mitigate risks in Generative AI.
Trust Score Reveals the Value of Secure-by-Design Upskilling Initiatives
Our research has shown that secure code training works. Trust Score, using an algorithm drawing on more than 20 million learning data points from work by more than 250,000 learners at over 600 organizations, reveals its effectiveness in driving down vulnerabilities and how to make the initiative even more effective.
Reactive Versus Preventive Security: Prevention Is a Better Cure
The idea of bringing preventive security to legacy code and systems at the same time as newer applications can seem daunting, but a Secure-by-Design approach, enforced by upskilling developers, can apply security best practices to those systems. It’s the best chance many organizations have of improving their security postures.