Analysis of the results of the Jit developer survey
Even in companies with large, dedicated security teams, a successful AppSec program begins and ends with developers. Development teams face many obstacles in their effort to write secure code and fix code security problems, including complex application architectures, a lack of time and training, and organizations that prioritize release speed over security. To uncover these pain points and learn how companies can better support development teams, Jit surveyed 150 developers across industries and company sizes to ask what developers think about AppSec in 2025. Let's dive into the results.
Overcome AppSec's biggest challenges
When asked to rank their top code security challenges, developers selected the complexity of modern application architectures as their top choice. They defined complexity in several ways, including understanding the security nuances of many different services and technologies, managing the security of many different integrated services, and mitigating known vulnerabilities within interconnected dependency chains. These complexities are harder for developers to overcome because of a lack of knowledge, training and guidelines, a lack of organizational priority, and a lack of time, which were the next three highest-ranked challenges.
One way to help reduce complexity is to use an automated security testing platform that unifies all the different scanners needed for AppSec in one place. For example, Jit combines 10 ready-to-use scanners with custom tests on a single platform. It works across all major programming and cloud infrastructure languages to reduce integration headaches. Jit also uses the runtime context of detected security problems to rank and prioritize each risk, providing simplified dashboards where developers can easily see and mitigate vulnerabilities. Jit even provides automated fix suggestions so that developers can quickly resolve problems with a single click, even without specialized security training.
Automated tools help developers secure their code
When asked what they think are the most impactful strategies for securing their code, developers ranked automated testing (SAST, SCA, secret detection) in the CI/CD pipeline or IDE at the top by a clear margin.
Developers were also asked how their company supports them in building secure applications, and the top response was implemented security scanners. These results indicate that most developers already have automated security tools and find these solutions more useful than manual code reviews, security awareness programs and other measures that take up valuable time. Automated scanners not only save time; they also frequently catch problems that human reviewers could miss.
However, automated scanners can create additional complexity if they are not correctly integrated into the CI/CD pipeline or the development environment. Many solutions are also known for generating a large number of false positives that developers have to sort through to prioritize real risks.
In addition to providing seamless integrations with development and security tools, the Jit automated testing platform helps reduce complexity with contextual prioritization. This feature prioritizes code and cloud security problems based on their runtime and business context, providing an automated risk score to help developers separate signal from noise and reduce false positives.
How development teams overcome knowledge gaps
Developers are generally not security experts, so it is important to understand where they go to answer code security questions. Interestingly, many developers turn to external sources, including vendors' online documentation and trade publications, as well as forums, blogs and communities such as Stack Overflow and Reddit.
Based on the answers to the following question, these sources do not seem to be enough to help development teams overcome their code security knowledge gaps:
Only 7% of participants strongly agree that they can consistently and independently deliver secure code, indicating the need for better tools and resources. For example, the Jit platform provides a simplified developer UX that integrates the entire code security scanning and remediation process into the development environment. It provides automatic feedback on the security of each code change and offers automatic remediation, which makes it easier for developers to secure their code proactively and independently.
Get developers more involved in security
When asked how often they are involved in application security activities during the development cycle, such as security reviews, problem solving and threat modeling, a huge 62% of participants responded several times a year or never. While initially surprising, this result makes sense in light of question number one: with a lack of time, training and organizational prioritization, it is not surprising that developers are not more involved. Participants specifically indicated that security is frequently deprioritized in favor of feature delivery.
Developers were asked to describe the collaboration between their company's development and security teams, and most described it as moderately positive. Only 8% of participants described their collaboration as excellent and not in need of improvement.
The lack of participation and only moderate collaboration become more alarming in light of the results of the following question. When asked how strong 47% of developers did not agree to some extent.
What is needed is a platform like Jit that puts AppSec in the hands of developers without adding friction to their workloads. The Jit developer UX, automated remediation and simplified dashboards give developers full visibility and control over code security while meeting accelerated delivery schedules.
Improve the security culture within development teams
The results of all the previous questions highlight the lack of security culture within development teams, and when asked directly to describe their security culture, developers agreed. 61% of participants responded that security is only “somewhat important” or not a priority in their culture, and that AppSec was not part of their routines. There was a correlation between a stronger security culture and developers' confidence in their ability to deliver secure code, showing how important it is for organizations to balance the priorities of security and delivery.
The Jit unified testing platform and developer UX help organizations implement an automated and practical AppSec program that is simpler for developers to adopt. Its easy integrations and single-click activation make it less difficult to prioritize security while delivering new features on time.
Jit helps developers consistently and independently deliver secure code
Jit helps developers secure their own code while reducing complexity with a unified platform of more than 10 ready-to-use security scanners. By integrating fully into CI/CD pipelines and developer environments, it reduces friction between development and security and improves the impact that automated tests have on developers' workloads. The Jit context engine helps developers rank and focus on high-risk problems while false positives are filtered out, which allows them to meet daily AppSec requirements while shipping features quickly. The Jit unified testing platform and simplified dashboards allow organizations to prioritize security without delaying development cycles.
For more information, download our report: What developers think about security in 2025 and why it matters