Top Performing Software Development Teams Embrace DevSecOps Automation
March 23, 2017

Derek Weeks
Sonatype

Start with DevSecOps: Eat Carrots, Not Cupcakes

Mature development organizations ensure automated security is woven into their DevOps practice, early, everywhere, and at scale, according to Sonatype's 2017 DevSecOps Community Survey.


Analysis of responses also found that IT organizations continue to struggle with breaches: nearly a 50% increase was recorded between Sonatype’s 2014 and 2017 surveys.

The adoption of DevOps around the world is evidenced by 67% of survey respondents describing their practices as very mature or of improving maturity. Where traditional development and operations teams (47%) see security teams and policies slowing them down, DevOps teams have discovered new ways to integrate security at the speed of development. Only 28% of mature DevOps teams believe they are being slowed by security requirements.

Other key findings from the survey include:

■ Developers are taking more responsibility for security, with 24% of all respondents saying it’s a top concern, while in mature DevOps organizations that number rises to 38%.

■ 58% of mature DevOps teams have automated security as part of Continuous Integration (CI) practices compared to 39% of all survey participants.

■ For DevOps teams, security controls are increasingly automated throughout the development lifecycle. 42% of mature DevOps organizations perform application security analysis at every stage of the software delivery lifecycle (SDLC). This number shrinks to just 27% when all survey respondents are counted.

■ 88% of survey respondents indicated that security was a top concern when deploying containers, yet only 53% leverage security solutions to address this problem.

■ 35% of organizations keep a complete software bill of materials to help them track down new open source vulnerabilities faster (e.g., Commons-Collection, Struts2).

■ 85% of those surveyed from highly mature DevOps practices received some form of application security training, ensuring awareness of secure coding practices. In immature DevOps practices, 30% received no training.

“As evidenced by this year’s survey results, organizations everywhere are now transforming their development from waterfall-native to DevOps-native tools and processes,” said Wayne Jackson, CEO, Sonatype. “Along the way, they are coming to grips with one simple fact: DevOps is not an excuse to do application security poorly; rather it is an opportunity to do application security better than ever.”

Methodology: The 2017 DevSecOps Community Survey provides visibility into the attitudes of software professionals toward DevOps best practices and the changing role of application security. The survey was conducted by Sonatype, Contino, DZone, Emerasoft, Ranger4, and Signal Sciences. The survey’s margin of error is ±2.02 percentage points for 2,292 IT professionals at the 95% confidence level.

Derek Weeks is VP and DevOps Advocate at Sonatype.
