Analyzing the Results of Jit’s Developer Survey
Even in companies with large, dedicated security teams, a successful AppSec program begins and ends with developers. Dev teams face many hurdles in their quest to write secure code and resolve code security issues, including complex app architectures, a lack of time and training, and an organization that prioritizes release speed over security. To uncover these pain points and learn how companies can better support dev teams, Jit conducted a survey of 150 developers across industries and company sizes to ask what developers think about AppSec in 2025. Let’s dive into the results.
Overcoming the Biggest AppSec Challenges
When asked to rank the biggest code security challenges, developers selected the complexity of modern app architecture as their top choice. They defined complexity in a variety of ways, including understanding the security nuances of many different services and technologies, managing the security of many different integrated services, and mitigating known vulnerabilities within interconnected dependency chains. These complexities are harder for developers to overcome because of the next three top-ranked challenges: a lack of knowledge, training, and guidelines; a lack of organizational priority; and a lack of time.
One way to help reduce complexity is by utilizing an automated security testing platform that unifies all the different scanners needed for AppSec in one place. For example, Jit combines 10 out-of-the-box scanners along with custom tests in a single platform. It works across all major programming languages and cloud infrastructures to reduce integration headaches. Jit also uses the runtime context of detected security issues to triage and prioritize each risk, providing simplified dashboards where developers can easily view and mitigate vulnerabilities. Jit even provides automated fix suggestions so developers can quickly resolve issues with one click, even without specialized security training.
Automated Tools to Help Developers Secure Their Code
When asked what they believe are the most impactful strategies to secure their code, developers ranked automated testing (SAST, SCA, secrets detection) in the CI/CD pipeline or IDE at the top by a clear margin.
Developers were also asked how their company supports them in building secure applications, and the top answer was implemented security scanners. These results indicate that most developers already have automated security tooling in place and find these solutions more helpful than manual code reviews, security awareness programs, and other measures that take up precious time. Automated scanners don’t just save time; they also frequently catch issues that human reviewers might miss.
However, automated scanners can create additional complexity if not properly integrated into the CI/CD pipeline or development environment. Many solutions are also known for generating a large number of false positives that developers have to sort through to prioritize the real risks.
In addition to providing seamless integrations with development and security tools, Jit’s automated testing platform helps reduce complexity with Contextual Prioritization. This feature prioritizes code and cloud security issues based on their runtime and business context, providing automated risk scoring to help developers separate the signal from the noise and reduce false positives.
How Dev Teams Overcome Knowledge Gaps
Developers usually aren’t security experts, so it’s important to understand where they go to answer code security questions. Interestingly, many developers turn to outside sources, including online documentation from vendors and trade publications as well as forums, blogs, and communities like Stack Overflow and Reddit.
These sources don’t appear to be enough to help dev teams overcome code security knowledge gaps based on the answers to the following question:
Only 7% of participants strongly agree that they can consistently and independently deliver secure code, indicating a need for better tooling and resources. For example, Jit’s platform provides a simplified developer UX that integrates the entire code security scanning and remediation process into the dev environment. It provides automatic feedback on the security of every code change and offers automatic remediation, making it easy for developers to proactively and independently secure their code.
Getting Developers More Involved in Security
When asked how frequently they’re involved in application security-related activities during the development lifecycle, such as security reviews, issue resolution, and threat modeling, a whopping 62% of participants responded with a few times a year or never. While initially surprising, this result makes sense when compared to question number one – with a lack of time, training, and organizational prioritization, it’s no wonder that developers aren’t more involved. Participants specifically noted that security is frequently deprioritized in favor of feature delivery.
Developers were asked to describe the collaboration between their company’s development and security teams, and most described it in moderately positive terms. Only 8% of participants described their collaboration as excellent and without need for improvement.
A lack of involvement and only moderate collaboration become more alarming in relation to the results of the next question. When asked how strongly they agree or disagree with the following statement: “I have full visibility into the security of my services and the most critical security vulnerabilities that need to be resolved,” 47% of developers did not agree to some extent.
What’s needed is a platform like Jit that puts AppSec into the hands of developers without adding friction to their workloads. Jit’s dev-native UX, automated remediation, and simplified dashboards give developers full visibility and control over code security while meeting accelerated delivery schedules.
Improving the Security Culture Within Dev Teams
The results of the previous questions all highlight a lack of security culture within development teams, and when asked directly to describe the security culture, developers agreed. 61% of participants responded that security is only “somewhat important” or not a priority at all in their culture, and AppSec wasn’t integrated into their routines. There was a correlation between a stronger security culture and developer confidence in their ability to deliver secure code, showing how important it is for organizations to balance priorities between security and delivery.
Jit’s unified testing platform and dev-friendly UX help organizations implement an automated and practical AppSec program that is simpler for developers to adopt. Its easy integrations and one-click activation make it less difficult to prioritize security while also delivering new features on schedule.
Jit Helps Developers Consistently and Independently Deliver Secure Code
Jit helps developers secure their own code while reducing complexity with a unified platform of more than 10 out-of-the-box security scanners. By fully integrating into CI/CD pipelines and developer environments, it reduces the friction between dev and security and improves the impact that automatic testing has on developer workloads. Jit’s Context Engine helps developers triage and focus on high-risk issues while filtering out the false positives, allowing them to meet day-to-day AppSec requirements while delivering features quickly. Jit’s unified testing platform and simplified dashboards enable organizations to prioritize security without delaying development cycles.
To Gain More Insights, Download Our Report: What Developers Think About Security in 2025 – and Why It Matters