Already-pressured application developers have been pushed to extreme lengths to build more complex software, three times faster than before, during the year since the COVID-19 outbreak was declared a pandemic – but a new survey of developers found that security testing fell behind the pace and things don’t look set to change any time soon.
Almost half (46 per cent) of the more than 250 software developers – surveyed in February for code-scanning firm Checkmarx – said they had been expected to build and deploy software somewhat or significantly faster during the pandemic than before it – with 36 per cent saying that this pressure was the biggest work-related challenge of the past year.
Yet speed was only part of the challenge, with companies of all sizes leaning even more heavily on cloud computing as they retooled their core processes and systems in a fight to pivot from ‘survival mode’ into a more flexible, responsive operational mode.
The accelerated pace of COVID-era development – an October survey found developers were working at least six hours more per week during the pandemic – has already been linked to reductions in developers’ well-being and productivity, with one Monash University-supported study warning employers that it was “unrealistic” to expect “normal productivity” from workers and encouraging them not to pressure employees to be productive.
Few employers seem to have gotten that memo, however: developers who thought they had years to refine their cloud skills found themselves pushed to complete major application migrations in a fraction of the time – with 59 per cent of the Checkmarx respondents saying the amount of cloud development they’re doing has increased somewhat or significantly during the pandemic.
Much of this involved significantly increasing the use of application programming interfaces (APIs) – which standardise application interfaces to facilitate more rapid application integration – but despite 55 per cent of developers saying they’ve assumed more responsibility for application security, just 45 per cent were security-testing the APIs they built and used.
Other key elements of cloud infrastructure were tested even less frequently – including microservices (44 per cent), containers (32 per cent), and serverless architectures (28 per cent).
Improving this performance requires better collaboration across the various parts of the business, warned Checkmarx senior solutions engineer James Brotsos, who advises companies to make code-security training “relevant, accessible, timely, and impactful [and] integrated in a non-intrusive manner that also brings lasting value.”
“If development, operations, and security teams are at odds,” he added, “slowdowns, and potential security mishaps, will be exacerbated as tensions can’t be solved in real-time and face-to-face like in traditional office settings.”
The ‘new normal’ is faster than the old one
Similar surveys have been acknowledging the increasing pressure for businesses to transform throughout the course of the pandemic, driving a new pace of change that a recent Cisco AppDynamics survey – of 1050 technologists across 11 countries – said was pushing businesses to transform into digital-first operations three times faster, on average, than they had before the pandemic hit.
That acceleration had created “a complex patchwork of legacy and cloud technologies,” the report’s authors noted, with the additional complexity driving 89 per cent of technologists to report “feeling under immense pressure at work”.
The fact that this stress is persisting a year later – even as businesses contemplate reopening on the back of the ongoing vaccine rollout – suggests that the faster pace will be a permanent fixture of development work moving into the future.
In a climate where the jobs market is still being regularly disrupted, some vendors are working to support this faster pace of transformation with standards like the Static Analysis Results Interchange Format (SARIF), which facilitates reporting of errors in software code regardless of how it was developed.
Automated code-security testers are learning to pick out potential insecurities in code as it’s being written, while Secure Code Warrior has taken a different approach to skills development with its recently launched Missions – a gamified secure-coding environment that co-founder and CEO Pieter Danhieux called “a flight simulator for coders”.
Missions, he said, provides “a progressive, scaffolded approach to building skills [that] helps developers move from merely recalling knowledge to systematically building upon their experiences and skillset in real-time, fostering valuable secure coding skills that are job-relevant and allowing coders to experience the impact of insecure code first hand, in a safe environment.”
With digital transformation set to continue at pace this year and software-related jobs surging by the end of 2020 despite overall employment malaise, those skills – matched with the soft skills to give them business context – will be crucial to ensuring the cloud-native juggernaut doesn’t trip over its own feet.
“The ‘new norm’ will be one of significant change,” Richard Jones, co-founder and co-CEO of recruitment firm PrimeL, noted – flagging cloud skills and DevOps as being among the most in-demand skills even as the transformation imperative became clear in the pandemic’s early days.
“For companies to survive, they will need to understand and expedite their digital transformation [and] the Australian workforce will also need to be ready for and accept the change that we face.”