Survey: Formal education leaves software developers short on security

Computer Programming

Recently released research has revealed that formal software education does little to prepare developers for today’s DevOps teams.

In fact, 76 percent of developers indicated security and secure development education needed for today’s world of coding is missing from formal curricula. The study, commissioned by Veracode and conducted by, surveyed nearly 400 DevOps professionals globally.

The 2017 DevSecOps Global Skills Survey found 65 percent of DevOps professionals believe it is very important to have knowledge of DevSecOps when entering IT. That seems reasonable enough, so why aren’t schools stepping up?

For whatever reason the schools have, the lack of security education is taking its toll. Of those surveyed, 55 percent indicated that their IT workforce is only somewhat prepared with the necessary skills to securely deliver software at the speed of DevOps, and  30 percent said that they are not prepared at all. And about 40 percent of hiring managers said that the hardest employees to find are the all-purpose DevOps experts with sufficient knowledge about security testing.

All of that spells obvious trouble to the 50 percent of organizations that have either their entire organization or parts of it embracing DevOps practices.

“The shortage of cybersecurity professionals is on pace to reach 1.5 million empty positions globally by 2020, according to Frost & Sullivan. Yet, as the digital economy relies on rapid innovation in software, the growing demand for developers with security skills is also dangerously outpacing supply,” Veracode’s John Zorabedian says in this blog post. “The problem begins at the university level, where just 24 percent of survey respondents were required to complete cybersecurity courses as part of their education.”

Of those surveyed, 80 percent of respondents said that they have a bachelor’s or master’s degree, and 50 percent said that they studied and earned degrees in computer science. However, even with such an educated pool of respondents, it’s clear developers are not getting introduced to security skills during their years in school. A disappointing 70 percent of respondents said the security education they received is inadequate for what their current positions require, and 65 percent said they’re learning their most relevant professional skills on the job.


Want to increase your workplace value? Acquire machine learning skills

What we now know about “PetrWrap”

Surviving (and thriving) in the automated workplace


  1. […] Survey: Formal Education Leaves Software Developers Short on Security […]

  2. […] covered, security software testing provider Veracode and DevOps site revealed just how little higher education prepares developers for the security needs of their future employers. In fact, 76 percent of developers indicated that […]

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.