35% of DevOps professionals are affected by vulnerabilities and
learning is the top goal for new developers
The full picture is now complete. With the latest addition of the final 2 industry reports, the 6-report series puzzle is now complete and all the 2024 insights on software developer trends are available.
You can go back and have a look at the first and second waves which kicked-off and continued the series. Or keep reading to see what new insights we have in store for you.
The final release focuses on:
Understanding the new Machine Learning and Artificial Intelligence software developer profiles
Exploring the practices and threats in Software Supply Chain Management
Every report is available in the SlashData Research Space and you can quickly access the one that interests you at the index at the end of this post.
Let’s explore together the latest insights software developers have to offer.
Developer Research Report: Profiling on new ML/AI developers
Who are the developers who just started their journey in ML/AI development?
Just as the internet once revolutionised communication and smartphones transformed our daily lives, today, ML and AI are at the forefront of the technological frontier. This
transition is not just a tale of their persistent march forward but also the people behind it. In order to understand the people’s potential influence on the field of ML/AI, in this
report we will examine the backgrounds of developers who are new to this field.
76% of newcomers to ML/AI have less than five years of experience in software development
The majority of newcomers to ML/AI are those with less than five years of experience in software development, accounting for 76% of the total, substantially higher than the average of other sectors (61%). On the other hand, only 9% of beginners in ML/AI have more than 15 years of experience in software development, compared to 15% of the industry average, further highlighting the field’s appeal to newcomers in the world of development.
Region, programming language
Looking at the share of ML/AI beginners within each region, we find that the vast majority of ML/AI developers in South Asia are beginners in the field (90%). This likely stems from this region having a significantly higher concentration of students in ML/AI compared to other regions (66% vs 36% at a global average). As we noted above, a fair share of ML/AI developers are students.
To understand how beginners in the field of ML/AI behave, it’s also important to compare them with their more experienced counterparts – developers with three or more years of experience.
Machine learning and Artificial intelligence developers’ goals
Beginners’ goals in ML/AI derive mainly from personal needs and interests, with the goal for 27% of them being to learn or gain experience in order to maximise future opportunities, compared to 16% of experienced ML/AI developers. On the other hand, experienced developers show a stronger orientation towards pragmatic goals, with a fifth of them (22%) focused on increasing organisational efficiency or reducing costs, as opposed to 15% of beginners.
What else do you want to know about new ML/AI developers? Access the answers in the full free industry report.
Developer Research Report: Threats in software supply chain management
Which are the main risks for organisations that build and maintain software?
Software security and reliability are crucial aspects for organisations, which employ various practices and strategies to ensure them. However, despite best efforts, DevOps teams still face threats related to software supply chain management.
Types of threats faced by DevOps teams
Only a third of DevOps professionals working for organisations report facing no threats in the past year. In this report we focus on the 45% of DevOps professionals who are aware that their organisation has faced software supply chain security threats in the past 12 months.
Third-party-related threats are the most common software supply chain threats faced by organisations
Third-party-related threats emerge as the most common type among these developers, with 35% experiencing software vulnerabilities in third-party libraries or components in the last year. Additionally, 26% of developers report threats from unstable third-party services or APIs. This highlights the importance of thorough due diligence before integrating third-party providers and the need for ongoing monitoring after integration. Alarmingly, only 17% of DevOps professionals report that their organisation performs risk assessments of third-party vendors, a practice that could help reduce exposure to these prevalent threats.
As organisations grow in size, they become more vulnerable to certain types of software supply chain threats
While most software supply chain threats don’t show a strong relationship with organisation size, we find that the incidence of some of the most common threats tends to increase as organisations become larger, in some cases nearly doubling.
For DevOps professionals whose organisations experienced software supply chain threats in the past year, and they are aware of them, 31% of those working for small businesses (2-50 employees) report software vulnerabilities in third-party libraries or
components. However, this rises to 41% among developers in large enterprises (1,000+ employees). Larger organisations likely integrate and depend on more third-party components due to the scale and complexity of their operations, increasing exposure to these vulnerabilities. Hence, performing risk assessments of third-party vendors must be a priority for larger organisations wishing to secure their software supply chain.
The incidence of ransomware attacks nearly doubles for large organisations
In addition to third-party risks, the occurrence of supply chain attacks also increases, from 12% in small businesses to 20% in large enterprises. Similarly, large enterprises have a greater attack surface due to more complex software supply chains with more
dependencies and integration points. Therefore, it is recommended to scan dependencies on an ongoing basis – a practice that only 20% of DevOps professionals report that their organisation is doing – especially as organisations increase the number of dependencies and complexity of their software supply chain.
Ransomware attacks targeting software or code repositories are another area of concern that scales with organisation size. They impact 11% of DevOps professionals in small businesses and this almost doubles to 21% among those at large organisations, likely because of the potential of higher ransom payouts.
In the full report we also look at the substantial difference between industries. Access the full report in the SlashData Research Space.
The full picture
The puzzle is complete. All reports in the State of the Developer Nation series are now available.
You can access all reports at the SlashData Research Space. Pick the one you want to dive in first:
If you are looking to address a tailored question or want to take advantage of our expertise in surveying developers, let’s talk.
The Developer Nation survey
If this is the first time you heard about SlashData, I’m happy to share a few quick words. SlashData is a developer research company. Every quarter, SlashData runs a survey on the globe developer audience, to measure the pulse of the developer ecosystem and how they feel about new technologies, tools, platforms, the support from developer programs and more. Following the closing of the survey, our expert analysts work on identifying key trends and translate raw data into actionable insights that professionals and companies addressing a developer audience can utilise to fine-tune their strategy and address developers’ needs and wants.
Are you a software developer? Take the survey.
About the author
Stathis Georgakopoulos, Product Marketing Manager
Always keen to see what’s next in the industry, Stathis is the Product Marketing Manager for SlashData, setting the table and running the marketing activities. He's our go-to guy for all things marketing and does not hide his love for content marketing and creating helpful content.
