SAN FRANCISCO - RSA Conference, March 04, 2019 (GLOBE NEWSWIRE) -- Sonatype, the inventors of software supply chain automation, today published findings from its 6th annual DevSecOps Community Survey of 5,558 IT professionals, making it the largest DevOps survey ever conducted. The survey, developed in partnership with CloudBees, Carnegie Mellon’s Software Engineering Institute, Signal Sciences, 9th Bit, and Twistlock, unveiled a new portrait of what organizations with elite DevSecOps programs look like in the face of accelerating attacks from bad actors.
As DevOps practices are maturing rapidly, elite organizations are automating security earlier in the development lifecycle and managing software supply chains as a critical differentiator to their competitors. The survey results revealed that organizations with elite DevSecOps programs are outperforming other enterprises by extreme margins. Those factors include:
“Forty-seven percent (47%) of the organizations we surveyed are deploying to production multiple times a week, while the velocity of their security practices is also increasing,” said Derek Weeks, VP and DevOps Advocate at Sonatype. “The DevSecOps community has shown us that elite organizations are performing significantly less manual work, seamlessly blending security into their developers’ world, and are better prepared for remediating security incidents as they arise, when compared to their counterparts without DevOps practices.”
Other key findings from the largest DevOps survey ever include:
Supporting quotes:
"Every organization with a DevOps framework should evolve towards a DevSecOps mindset," said Shawn Ahmed, vice president of product marketing, CloudBees. "The objective is to treat security as a core component throughout the software delivery pipeline as opposed to thinking of it as an afterthought. As security threats continue to evolve it's easy to see the value of evolving towards DevSecOps."
“Key DevOps principles including: continuous learning via collaboration, automation (CI/CD), infrastructure as code, and monitoring, help ensure effective and timely responses to any breach,” said Hasan Yasar, technical manager and adjunct faculty member for Carnegie Mellon’s Software Engineering Institute. “We must all recognize security is a living thing and organizations should be prepared to prevent and respond to breaches at any moment within their application lifecycle. It is difficult to imagine proper cybersecurity hygiene and sufficient preparations for a breach without DevSecOps in place.”
"A key point in the DevSecOps community survey showed that no matter how much you have optimized your team for DevOps or sped up your software delivery cycle, there is still a significant gap between what security wants and how everyone else is able to understand that," said James Wickett, head of research at Signal Sciences. "This is a foundational communication gap which leaves many developers with the conclusion: security is a mystery. It's also a gap that needs to be closed. Developers need security prioritization at speed. They should be able to know if they are under attack or not."
About the Survey
The 2019 DevSecOps Community Survey provides visibility into the attitudes of software professionals toward DevOps best practices and the changing role of application security. The results reported here came in response to 41 questions asked by Sonatype and our DevOps community advocates including CloudBees, Signal Sciences, Twistlock, and Carnegie Mellon’s Software Engineering Institute. The survey’s margin of error is ± 1.226 percentage points for 5,558 IT professionals at the 95% confidence level.
About Sonatype
More than 10 million software developers rely on Sonatype to innovate faster while mitigating security risks inherent in open source. Sonatype’s Nexus platform combines in-depth component intelligence with real-time remediation guidance to automate and scale open source governance across every stage of the modern DevOps pipeline. Sonatype is privately held with investments from TPG, Goldman Sachs, Accel Partners, and Hummer Winblad Venture Partners. Learn more at www.sonatype.com.