Most developers fear their skills are inadequate to thwart attacks

About 60 percent of programmers lack confidence in the security of their applications, says Joe McCann.


The developer community fully understands the risks of operating in the open Internet and the complexities of building reliable, secure code. Despite that awareness, developers are not taking advantage of tools that can identify and mitigate threats, according to a report from NodeSource, a provider of technology to support the open source Node.js project, and Sqreen, an application security provider.

The companies surveyed nearly 300 chief technology officers, chief information officers and developers, and found that a majority (71 percent, and some 85 percent of CTOs and CIOs) believe that their job requires taking security seriously.

Also See: Leaving protected health information on the Internet costs Cottage Health $2 million

More than one third of all respondents (34 percent) say they believe that is a strong chance their organization will be the target of a large-scale attack in the next six months.

Meanwhile, fewer than half of developers are confident in the code they write and run, with 60 percent lacking confidence in the security of their applications, and only 31 percent feeling confident that their code doesn’t contain vulnerabilities.



As for code written by others, 84 percent of developers are “moderately” or “very” confident in the security of core Node.js. However, 40 percent report that they believe third-party modules pose the greatest risk to application security, and only 16 percent are confident that the third-party modules they use are free of vulnerabilities.

“Our survey results clearly demonstrate that security is a concern for developers, but not a priority,” said Joe McCann, CEO of NodeSource.

More for you

Loading data for hdm_tax_topic #better-outcomes...