Most security professionals at software development firms believe that few of the developers in their organizations are able to spot security vulnerabilities in their own product.
In a survey conducted by GitLab, roughly half of security professionals said they most often find bugs only after code has been merged into a test environment.
The problem, says GitLab, which offers a web-based DevOps lifecycle tool, is that many organizations have not put in place mechanisms that enable developers to produce secure code in the first place.
“Nearly 70% of developers said they are expected to write secure code, but it’s clear from the comments below that in most organizations, the mechanisms to make that happen remain elusive,” the report noted.
Half of respondents (50%) said they were using Scrum, 37% Kanban and 36% DevOps (the figures overlap, so many respondents use more than one approach). Interestingly, around 17% said they were still using the traditional, sequential waterfall model.
Another notable finding concerns remote work: remote teams are more disciplined about documentation than in-house staff. “Remote operations teams are 1.6x more likely to document their work than in-office counterparts,” the report noted.
Many developers in the survey said the testing stage is where they encounter the most delays.
Developers want to find defects during development itself, because they know that issues discovered later in the process are far more expensive to fix.