DEVOPSdigest

While security is a top priority for developers, they are facing an uphill battle when it comes to time spent chasing vulnerabilities, the available scanning tools and alignment with security teams, according to the Developer Survey Report from Qwiet AI.

The online survey of 1,021 US IT professionals* conducted by market research firm Propeller Insights found developers are frustrated by the state of current security tools, citing incumbent tools are too noisy, time intensive and increasing tech debt at a time when development teams are overworked.

These challenges point to an internal disconnect, and despite 69% of IT professionals indicating that application security is a top priority for their organization, a staggering 27% said their goals are misaligned with their security team.

"It's clear that developers are overwhelmed by the noise produced by incumbent security tools," said Stuart McClure, CEO, Qwiet AI. "We're seeing developers spend a third of their day fixing bugs and vulnerabilities instead of writing code. For IT teams to be successful, we need to empower software application developers with the right tools that help them stay in a highly productive 'flow' state, instead of chasing false positives."

Key findings from the report include:

■ Development schedules are heavily impacted by vulnerabilities – 32.6% of respondents reported spending between 26% and 50% of their time fixing bugs instead of writing code, while 38.5% reported spending up to 60 minutes a day searching for solutions.

■ Incumbent security tools struggle to keep pace – 35.7% said there were "too many false positives" and 46.6% said incumbent tools "increase tech debt at a time when my team is already overworked."

■ Developers want features that provide additional insight – Seeing where each error originates was key to 51.7% of respondents and access to rich contextual information surrounding each error was important to 56.6% of respondents.

■ Adoption of AI-based tools was inevitable – Recent advancements in AI, increasingly sophisticated models and enhanced computing power are transforming the way developers approach application security. Developers also highlighted the transformative power of AI-based solutions in the survey, with an overwhelming 93.7% indicating the adoption of AI-based tools was inevitable and IT teams will need them to keep pace with today's dynamic cyber threat landscape.

However, staying ahead of the cyber threat curve requires unison between business and security teams. The report emphasizes the need for cyber teams to understand macro-organizational issues presented by business units.