The State of Software Engineering Excellence 2025, based on responses from more than 650 engineering leaders, exposes critical failures across the software delivery lifecycle, costing companies millions in lost productivity and stifled innovation.
The report offers a clear look at where many software teams are still struggling to scale core engineering capabilities:
• 67% of software teams cannot build and test their development environment within 15 minutes
• 64% of infrastructure code deployments still rely on manual steps
• 61% of engineering leaders say code reviews take over a day to complete
• 55% of build pipelines lack proper quality gates
• 52% of engineering teams do not have key tools to support incident management
• 50% of application deployments still rely on manual processes
"What we're seeing is an epidemic of engineering inefficiency that's holding back innovation across the industry," said Martin Reynolds, Field CTO at Harness and creator of the Engineering Excellence Maturity Assessment. "Organizations are burning through millions of dollars in developer productivity while simultaneously exposing themselves to significant security and operational risks."
Developer Experience Crisis Threatens Competitive Advantage
The study reveals that breakdowns in fundamental developer experience are creating massive productivity drains. Nearly one-third (29%) of engineering teams have no software catalog at all, and just 21% have catalogs that automatically update with changes, forcing developers to waste time tracking down basic information about the systems they're building.
These inefficiencies are compounded by a skills development gap, with just 19% of engineering leaders report having a structured curriculum for upskilling and reskilling engineers. This lack of systematic talent development leaves organizations vulnerable as technology landscapes rapidly evolve.
Planning processes are similarly strained. One in four engineering leaders report that more than 70% of requirements lack clearly defined acceptance criteria, while over half (54%) have experienced average scope creep above 20% in recent sprint cycles, resulting in costly rework, delivery delays, and widespread developer frustration.
Security and Quality Gaps Create Unprecedented Risk
The security picture is equally alarming, with security and quality breakdowns leaving organizations dangerously exposed to supply chain attacks and production incidents. Most concerning: nearly one in ten organizations allow critical-severity bugs to reach production environments, and 38% of engineering leaders admit that most of their build pipelines lack security scan gates. Moreover, median resolution times remain extremely slow, with 45% of respondents saying it takes at least seven days or more to resolve high-severity security issues.
Training gaps only deepen the risk. While over half of developers (56%) receive training annually or semi-annually on security best practices, nearly a quarter (23%) are never trained on security measures – meaning nearly one in four developers are operating without proper security knowledge in a threat-rich environment.
"In an era where software supply chain attacks are making headlines weekly, these gaps represent existential threats to business continuity," said Reynolds. "Organizations are essentially flying blind when it comes to understanding what's actually in their software and how vulnerable they are to attack."
Multi-Million Dollar Impact Points to Clear Solution Path
The financial cost is staggering, with organizations facing millions in lost productivity annually due to inefficient onboarding processes and untapped savings opportunities from eliminating manual build processes and deployment toil. When factoring in the cost of security incidents, production outages, and talent retention challenges, the true cost runs into tens of millions for enterprise organizations.
The report identifies a clear solution: a platform-centric approach that unifies developer experience, security, and operational efficiency. By adopting a comprehensive software delivery platform – with automated pipeline creation, intelligent testing, and integrated security scanning – organizations can eliminate friction, reduce risk, and transform engineering inefficiency into competitive advantage.
