Organizations with mature DevOps practices are far more likely to integrate automated security, report shows
Featuring the responses of more than 5,500 participants, the 2019 DevSecOps Community Survey offers detailed insights into the DevOps and DevSecOps ecosystem. Let’s have a closer look at the most important interesting highlights.
Time to have a look at the 2019 DevSecOps Community Survey.
Featuring the responses of more than 5,500 participants, the survey offers detailed insights into the DevOps and DevSecOps ecosystem.
From DevOps maturity to the most important security challenges, this survey explores a broad spectrum of topics and provides valuable data.
It is interesting to see that while the percentages of organizations with either mature or immature DevOps practices are almost equal (27% have mature practices and 25% immature), the vast majority of the respondents (48%) are in the process of improving their DevOps practices.
But with no further ado, let’s have a look at the most interesting and significant findings in the DevSecOps sphere.
The security highlights
To start things off, it is important to see what motivates organizations to implement security. According to the survey, 1 in 4 respondents considers “security” to be synonymous to delivering “quality”.
A very interesting finding presented in this survey is that, although developers still believe security is important, they do not have enough time to spend on it.
Exploring the responses to the question “At what point in the development process does your organization perform automated application security analysis?”, it becomes apparent that organizations with mature DevOps practices are far more likely to integrate automated security.
Moving on to the nature of the security tools used by the participants, container and application security are the most used by DevOps practitioners while non-DevOps organizations mostly use web application firewalls.
Looking a bit deeper into security vulnerabilities and breaches that can be attributed to a vulnerability in an open source component or dependency, 27% of DevOps practitioners and 21% of non-DevOps practitioners reported that their organization has encountered such breaches in the last 12months.
Following these results, it is important to point out that while 81% of DevOps practitioners have a cybersecurity incident response plan in place, only 63% of non-practitioners reported having such a plan in effect.
Last but not least, let’s have a look at the top challenges the participants face with the application security process.
Both DevOps practitioners and non-practitioners reported finding out about issues too late in the process and they rank this as their top challenge.
If you are interested in seeing the detailed findings and find out more about the state of DevSecOps in 2019, you can find the full report here.