MacStadium announced that it has obtained Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 1, meaning that MacStadium has publicly documented its compliance with CSA’s Cloud Controls Matrix (CCM), and that it joined the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
Developers' Top Pain Points in Open Source Runtimes
December 03, 2018
ActiveState surveyed developers and programmers in 92 countries to better understand their pain points and assess how businesses can better work with their organizations. The survey results establish a starting point for understanding the challenges that coders (developers, engineers, data scientists, QA and so on) confront when working with open source runtimes.
Blocks to Productivity
One fact the survey highlighted is that developers need to streamline their workflow in order to increase productivity. Developers and programmers spend only two to four hours of their day programming, on average. Productivity is disrupted due to time spent managing other issues such as polyglot environments and retrofitting. Enterprises are lacking resources that developers need to streamline their workflow.
The survey confirmed that security, defined here as being up to date with the latest or most secure version of packages used, is suffering. Management is unable to assess risks due to lack of visibility. For instance, 61 percent of respondents found it difficult or very difficult to get information about package quality – security, activity or updates.
Production code isn't being tracked, creating a gap in vulnerability assessment. This creates additional issues in security as there is lack of visibility of where code is specifically running that requires updates or patches. Consequently, half of developers surveyed expressed a deep concern about security.
In addition, new tool adoption turns out to be more cumbersome than helpful. In fact, developers already spend 74 % of their time managing dependencies and development tools. A whopping 67 % – more than two-thirds – opted out of implementing a new programming language due to the hassle of incorporating a new programming language. Not surprisingly, adding or incorporating a programming language into an organization was rated the most difficult challenge, by a significant margin; 56% of all respondents rated this as difficult or very difficult.
Bridging the Developer-Enterprise Gap
The above survey data is an invaluable tool to measure and track progress towards solving open source runtime pains that developers are experiencing. In order to relieve developers of these pains and better enable quicker release updates, we need to look at a top-down and bottom-up approach. The gap between the developer and the enterprise needs to be bridged through clear communication of needs.
One approach is to have a "bill of materials" of all the packages running in production as well as the applications and their respective dependencies of where the code is running.
Another approach is to facilitate the developer implementing what's required from a license and security perspective. Solving developers' problem spots will increase their productivity and their job satisfaction, benefiting developers and their organizations alike.
Industry News
May 08, 2024
The Cloud Native Computing Foundation® (CNCF®) released the two-day schedule for CloudNativeSecurityCon North America 2024 happening in Seattle, Washington from June 26-27, 2024.
May 08, 2024
Sumo Logic announced new AI and security analytics capabilities that allow security and development teams to align around a single source of truth and collect and act on data insights more quickly.
May 08, 2024
Red Hat is announcing an optional additional 12-month EUS term for OpenShift 4.14 and subsequent even-numbered Red Hat OpenShift releases in the 4.x series.
May 08, 2024
HAProxy Technologies announced the launch of HAProxy Enterprise 2.9.
May 08, 2024
ArmorCode announced the general availability of AI Correlation in the ArmorCode ASPM Platform.
May 08, 2024
Octopus Deploy launched new features to help simplify Kubernetes CD at scale for enterprises.
May 08, 2024
Cequence announced multiple ML-powered advancements to its Unified API Protection (UAP) platform.
May 07, 2024
Oracle announced plans for Oracle Code Assist, an AI code companion, to help developers boost velocity and enhance code consistency.
May 07, 2024
New Relic launched Secure Developer Alliance.
May 07, 2024
Dynatrace is enhancing its platform with new Kubernetes Security Posture Management (KSPM) capabilities for observability-driven security, configuration, and compliance monitoring.
May 07, 2024
Red Hat announced advances in Red Hat OpenShift AI, an open hybrid artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across hybrid clouds.
May 07, 2024
ServiceNow is introducing new capabilities to help teams create apps and scale workflows faster on the Now Platform and to boost developer and admin productivity.
May 06, 2024
Red Hat and Oracle announced the general availability of Red Hat OpenShift on Oracle Cloud Infrastructure (OCI) Compute Virtual Machines (VMs).
May 06, 2024
The Software Engineering Institute at Carnegie Mellon University announced the release of a tool to give a comprehensive visualization of the complete DevSecOps pipeline.
