Top Performing Software Development Teams Embrace DevSecOps Automation
March 23, 2017

Derek Weeks
Sonatype

Start with DevSecOps: Eat Carrots, Not Cupcakes

Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype's 2017 DevSecOps Community Survey.


Analysis of responses also found that IT organizations continue to struggle with breaches, as nearly a 50% increase was recorded between Sonatype’s 2014 and 2017 survey.

The adoption of DevOps around the world is evidenced by 67% of survey respondents describing their practices as very mature or of improving maturity. Where traditional development and operations teams (47%) see security teams and policies slowing them down, DevOps teams have discovered new ways to integrate security at the speed of development. Only 28% of mature DevOps teams believe they are being slowed by security requirements.

Other key findings from the survey include:

■ Developers are taking more responsibility for security with 24% of all respondents saying it’s a top concern while in mature DevOps organizations that number rises to 38%.

■ 58% of mature DevOps teams have automated security as part of Continuous Integration (CI) practices compared to 39% of all survey participants.

■ For DevOps teams, security controls are increasingly automated throughout the development lifecycle. 42% of mature DevOps organizations perform application security analysis at every stage of the software delivery lifecycle (SDLC). This number shrinks to just 27% when all survey respondents are counted.

■ 88% of survey respondents indicated that security was a top concern when deploying containers, yet only 53% leverage security solutions to address this problem.

■ 35% of organizations keep a complete software bill of materials to help them track down new open source vulnerabilities faster (e.g., Commons-Collection, Struts2).

■ 85% of those surveyed from highly mature DevOps practices received some form of application security training, ensuring awareness of secure coding practices. In immature DevOps practices, 30% received no training.


"As evidenced by this year’s survey results, organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes,” said Wayne Jackson, CEO, Sonatype. “Along the way, they are coming to grips with one simple fact: DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever.”

Methodology: The 2017 DevSecOps Community Survey provides visibility into the attitudes of software professionals toward DevOps best practices and the changing role of application security. The survey was conducted by Sonatype, Contino, DZone, Emerasoft, Ranger4, and Signal Sciences. The survey’s margin of error is ±2.02 percentage points for 2,292 IT professionals at the 95% confidence level.

Derek Weeks is VP and DevOps Advocate at Sonatype.

The Latest

June 28, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 5, the final installment, covers how Agile improves product quality and the customer experience ...

June 26, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 4 covers how Agile impacts team productivity ...

June 23, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 3 covers how Agile enables you to grow and adapt to change ...

June 21, 2017

Why Agile? DEVOPSdigest asked the experts for their opinions on what are the most important advantages of being Agile. Part 2 is all about speed ...

June 19, 2017

Earlier this year, DEVOPSdigest featured a list of expert opinions on the essential steps to become agile. Now that we have an idea on how to achieve agility, however, we have to consider why. What's the payoff? With this question in mind, DEVOPSdigest asked the experts — including analysts, consultants and vendors — for their opinions on what are the most important advantages of being Agile ...

June 15, 2017

In the development community, creating additional efficiency through improved collaboration has been prevalent for some time. But despite the head start on the rest of the corporate world when it comes to collaboration, many organizations function today as they did 15-20 years ago. Since time is money in the tech world, outdated collaboration is a huge missed opportunity ...

June 14, 2017

Given the efforts we put in these days to deconstructing monolithic applications, and using distributed microservices to make us more agile, the potential for app performance to take a nosedive because of unseen (and unanticipated) network congestion and outages is only getting greater. There is help at hand, though, in the form of new ways to program network awareness directly into your code ...

June 12, 2017

What if you discover a fatal error or an exploit in your app? What if your app is down during a crucial time? As a developer, how you react to a crisis can mean the difference between minor blip and an embarrassing or costly company blunder. Here's a crisis management plan to get things right when they go wrong ...

June 08, 2017

Recently, the results from SmartBear Software's annual survey, the State of Code Review 2017: Trends & Insights into Dev Collaboration were released. One point I found interesting is that it suggests only 66 percent of organizations can get releases out on time. Why are the other 34 percent struggling to get releases out the door? ...

June 06, 2017

Today's app development landscape is competitive and expensive. Thousands of apps are released each month, and user acquisition and retention are costing app developers millions. User abandonment is one of the main battles of every app developer — as every lost user means another wasted investment ...

Share this