Security breaches are one of the most widespread problems in the technology world today. While a large share of the responsibility belongs to mistakes that may lead to a breach, developers also write insecure code.
A recent survey conducted by GitLab revealed that 69% of developers believe they are writing secure code. However, 49% of the security professionals who participated in the research said that it was very difficult for developers to repair and deal with a serious vulnerability.
In fact, 68% of security professionals believe that fewer than half of developers are able to detect security problems that may arise later. Nearly half of security experts said they identified one error after the code was merged, during testing.
The report was published by GitLab following the participation of 4,000 respondents. It also found that creating security teams as part of DevOps is a good practice. In such cases, the probability of detecting errors increases 3 times, and errors are detected even before the code is merged.
A very important factor in the security of systems is that it should be taken into account at all stages of a system's life, but this is not always the case. The GitLab survey highlights this fact and confirms once again the rivalry between developers and security specialists.
Another big problem is that many software companies do not take security seriously. Only 25% of the developers surveyed were rated as good on their security practices.
About 44% of participants reported that they were not judged on the basis of the security of their code.
This practice is no surprise, especially in companies where code must be created and delivered on a specific timetable. To save time, no one attaches much importance to security.
The GitLab report makes it clear that the majority of companies still have a long way to go before they manage to bridge the gap between developers and security specialists.