The developer community fully understands the risks of operating in the open Internet and the complexities of building reliable, secure code. But developers are not taking advantage of tools that can identify and mitigate threats, according to a report from NodeSource, a provider of technology to support the open source Node.js project, and Sqreen, an application security provider.

The companies surveyed nearly 300 CTOs, CIOs, and developers, and found that a majority (71 percent, and 85 percent of CTOs and CIOs) think their job requires taking security seriously. More than one third of all respondents (34 percent) think there is a strong chance their organization will be the target of a large-scale attack in the next six months.

Bloomberg/file photo

Meanwhile, fewer than half of developers are confident in the code they write and run, with 60 percent lacking confidence in the security of their applications, and only 31 percent feeling confident that their code doesn’t contain vulnerabilities.

As for code written by others, 84 percent of developers are “moderately” or “very” confident in the security of core Node.js. However, 40 percent think third-party modules pose the greatest risk to application security, and only 16 percent are confident that the third-party modules they use are vulnerability-free.

“Our survey results clearly demonstrate that security is a concern for developers—but not a priority,” said Joe McCann, CEO of NodeSource.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access

Bob Violino

Bob Violino

Bob Violino is a freelance technology and business writer who covers a variety of topics, including big data and analytics, cloud computing, information security and mobile technology.