IT Professionals Spend Up to a Third of Their Time Chasing Vulnerabilities
March 14, 2024

While security is a top priority for developers, they are facing an uphill battle when it comes to time spent chasing vulnerabilities, the available scanning tools and alignment with security teams, according to the Developer Survey Report from Qwiet AI.

The online survey of 1,021 US IT professionals* conducted by market research firm Propeller Insights found developers are frustrated by the state of current security tools, citing incumbent tools are too noisy, time intensive and increasing tech debt at a time when development teams are overworked.

These challenges point to an internal disconnect, and despite 69% of IT professionals indicating that application security is a top priority for their organization, a staggering 27% said their goals are misaligned with their security team.

"It's clear that developers are overwhelmed by the noise produced by incumbent security tools," said Stuart McClure, CEO, Qwiet AI. "We're seeing developers spend a third of their day fixing bugs and vulnerabilities instead of writing code. For IT teams to be successful, we need to empower software application developers with the right tools that help them stay in a highly productive 'flow' state, instead of chasing false positives."

Key findings from the report include:

Development schedules are heavily impacted by vulnerabilities – 32.6% of respondents reported spending between 26% and 50% of their time fixing bugs instead of writing code, while 38.5% reported spending up to 60 minutes a day searching for solutions.

Incumbent security tools struggle to keep pace – 35.7% said there were "too many false positives" and 46.6% said incumbent tools "increase tech debt at a time when my team is already overworked."

Developers want features that provide additional insight – Seeing where each error originates was key to 51.7% of respondents and access to rich contextual information surrounding each error was important to 56.6% of respondents.

Adoption of AI-based tools was inevitable – Recent advancements in AI, increasingly sophisticated models and enhanced computing power are transforming the way developers approach application security. Developers also highlighted the transformative power of AI-based solutions in the survey, with an overwhelming 93.7% indicating the adoption of AI-based tools was inevitable and IT teams will need them to keep pace with today's dynamic cyber threat landscape.

However, staying ahead of the cyber threat curve requires unison between business and security teams. The report emphasizes the need for cyber teams to understand macro-organizational issues presented by business units.

Share this

Industry News

April 11, 2024

Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.

April 11, 2024

Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.

April 11, 2024

Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.

April 10, 2024

Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.

April 10, 2024

Buildkite signed a multi-year strategic collaboration agreement (SCA) with Amazon Web Services (AWS), the world's most comprehensive and broadly adopted cloud, to accelerate delivery of cloud-native applications across multiple industries, including digital native, financial services, retail or any enterprise undergoing digital transformation.

April 10, 2024

AppViewX announced new functionality in the AppViewX CERT+ certificate lifecycle management automation product that helps organizations prepare for Google’s proposed 90-day TLS certificate validity policy.

April 09, 2024

Rocket Software is addressing the growing demand for integrated security, compliance, and automation in software development with its latest release of Rocket® DevOps, formerly known as Aldon®.

April 09, 2024

Wind River announced the latest release of Wind River Studio Developer, an edge-to-cloud DevSecOps platform that accelerates development, deployment, and operation of mission-critical systems.

April 09, 2024

appCD announced its generative infrastructure from code solution now supports Azure Kubernetes Service (AKS).

April 09, 2024

Synopsys announced the availability of Black Duck® Supply Chain Edition, a new software composition analysis (SCA) offering that enables organizations to mitigate upstream risk in their software supply chains.

April 09, 2024

DataStax announced innovative integrations with API extensions to Google Cloud’s Vertex AI Extension and Vertex AI Search, offering developers an easier time leveraging their own data.

April 08, 2024

Parasoft introduced C/C++test CT, a comprehensive solution tailored for large teams engaged in the development of safety- and security-critical C and C++ products.

April 08, 2024

Endor Labs announced a strategic partnership with GuidePoint Security.

April 08, 2024

Hasura announced the V3 of its platform, providing on-demand API composability with a new domain-centric supergraph modeling framework, a distributed supergraph execution engine and a rich and extensible ecosystem of open source connectors to address the challenges faced during integration of data and APIs.

April 04, 2024

DataStax has entered into a definitive agreement to acquire AI startup, Logspace, the creators of Langflow, an open source visual framework for building retrieval-augmented generation (RAG) applications.1