IT Professionals Spend Up to a Third of Their Time Chasing Vulnerabilities
March 14, 2024

While security is a top priority for developers, they are facing an uphill battle when it comes to time spent chasing vulnerabilities, the available scanning tools and alignment with security teams, according to the Developer Survey Report from Qwiet AI.

The online survey of 1,021 US IT professionals* conducted by market research firm Propeller Insights found developers are frustrated by the state of current security tools, citing incumbent tools are too noisy, time intensive and increasing tech debt at a time when development teams are overworked.

These challenges point to an internal disconnect, and despite 69% of IT professionals indicating that application security is a top priority for their organization, a staggering 27% said their goals are misaligned with their security team.

"It's clear that developers are overwhelmed by the noise produced by incumbent security tools," said Stuart McClure, CEO, Qwiet AI. "We're seeing developers spend a third of their day fixing bugs and vulnerabilities instead of writing code. For IT teams to be successful, we need to empower software application developers with the right tools that help them stay in a highly productive 'flow' state, instead of chasing false positives."

Key findings from the report include:

Development schedules are heavily impacted by vulnerabilities – 32.6% of respondents reported spending between 26% and 50% of their time fixing bugs instead of writing code, while 38.5% reported spending up to 60 minutes a day searching for solutions.

Incumbent security tools struggle to keep pace – 35.7% said there were "too many false positives" and 46.6% said incumbent tools "increase tech debt at a time when my team is already overworked."

Developers want features that provide additional insight – Seeing where each error originates was key to 51.7% of respondents and access to rich contextual information surrounding each error was important to 56.6% of respondents.

Adoption of AI-based tools was inevitable – Recent advancements in AI, increasingly sophisticated models and enhanced computing power are transforming the way developers approach application security. Developers also highlighted the transformative power of AI-based solutions in the survey, with an overwhelming 93.7% indicating the adoption of AI-based tools was inevitable and IT teams will need them to keep pace with today's dynamic cyber threat landscape.

However, staying ahead of the cyber threat curve requires unison between business and security teams. The report emphasizes the need for cyber teams to understand macro-organizational issues presented by business units.

Share this

Industry News

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.

November 18, 2024

Elastic announced its AI ecosystem to help enterprise developers accelerate building and deploying their Retrieval Augmented Generation (RAG) applications.

Read the full news on APMdigest

November 18, 2024

Red Hat introduced new capabilities and enhancements for Red Hat OpenShift, a hybrid cloud application platform powered by Kubernetes, as well as the technology preview of Red Hat OpenShift Lightspeed.

November 18, 2024

Traefik Labs announced API Sandbox as a Service to streamline and accelerate mock API development, and Traefik Proxy v3.2.