Most developers fear their skills are inadequate to thwart attacks

Register now

The developer community fully understands the risks of operating in the open Internet and the complexities of building reliable, secure code. But developers are not taking advantage of tools that can identify and mitigate threats, according to a report from NodeSource, a provider of technology to support the open source Node.js project, and Sqreen, an application security provider.

The companies surveyed nearly 300 CTOs, CIOs, and developers, and found that a majority (71 percent, and 85 percent of CTOs and CIOs) think their job requires taking security seriously. More than one third of all respondents (34 percent) think there is a strong chance their organization will be the target of a large-scale attack in the next six months.

Meanwhile, fewer than half of developers are confident in the code they write and run, with 60 percent lacking confidence in the security of their applications, and only 31 percent feeling confident that their code doesn’t contain vulnerabilities.

As for code written by others, 84 percent of developers are “moderately” or “very” confident in the security of core Node.js. However, 40 percent think third-party modules pose the greatest risk to application security, and only 16 percent are confident that the third-party modules they use are vulnerability-free.

“Our survey results clearly demonstrate that security is a concern for developers—but not a priority,” said Joe McCann, CEO of NodeSource.

For reprint and licensing requests for this article, click here.