According to the U.S. Bureau of Labor Statistics’ 10-year economic outlook, computer software engineers who work in the application professions sector are expected to be the fourth fastest-growing occupation between 2006 and 2016, increasing by 44.6 percent.
Yet making sure that software is built in a secure way has typically been a secondary concern within the field.
“Software developers have never considered security as really part of their domain. But this is changing,” John Pescatore, a Gartner analyst, told eWEEK.
That stands to change. According to Gartner research, 75 percent of attacks are now targeting applications. Furthermore, as more Web sites develop Web 2.0 technologies and consumers continue to demand mash-up services, developers who know how to incorporate security into the initial creation of applications are expected to carve out an important niche for themselves.
“The job is at the intersection of security and software development. In the last couple years these security issues have risen to the forefront of a concern about doing business online,” said Mike Weider, director of security products at Rational, a division of IBM.
IBM is just one of the companies that view these software security developers as an important specialty, one that will have a big impact on making the software that consumers and businesses use every day more secure.
“Organizations have to wake up to software security and when they look at how they’re going to address it, the real problem is often a lack of skill within their development groups. They’re looking to hire resources who can educate the rest of the organization while creating and designing security programs,” said Weider.
Where software developers are going to learn more about building secure applications is still unclear. Currently, most software developers aren’t picking up this information at the university level.
“It’s clear that there is a huge problem with software security and the reason is that application developers have traditionally not been trained in security. If you look at most computer science programs today, you don’t see a lot of emphasis on security training,” said Weider.
While universities increasingly have a security curriculum, they don’t include elements of it in software engineering.
“You’re not learning good security practices and coding at the same time, and that’s definitely something we need to see changed,” said Pescatore.
Businesses are increasingly requiring everyone in software development to undertake security training, with companies such as Cigital and Security Innovation coming in to retrain software developers on how people attack software and how to avoid some common pitfalls.
Once software developers have this information under their belts, however, they become much more appealing hires. While most companies don’t have a position titled Secure Software Developer, banks and financial services companies appear to be the earliest adopters of this role, followed by contract arrangements.
“One place where there is strong employment in this skill is in consulting firms, who are hiring developers and engineers to help them fix their security problems,” said Weider.
The companies that are hiring for this position are willing to pay a premium for these developers.
“Those who have this kind of skill can now easily command a higher salary,” said Weider.