Developers that use mature DevOps and DevSecOps practices are happier
The software company Sonatype has released its seventh annual DevSecOps Community Survey, in which it reveals some interesting findings. According to the data, not only does DevSecOps make code more secure, but it also makes developers happier! Let’s take a closer look.
The participants hold different organizational roles and come from various countries, mainly the US, UK, India, Canada and Germany. The majority were working in the tech sector (39%), banking and financial services (15%), and consulting services (7%).
Let’s dive right into the findings.
DevOps maturity was rated as “mature” by 15% of respondents and “improving” by 36%. “Immature” (49%) received the highest number of answers. 55 percent, though, said they deploy at least once per week—and of these, 24% deploy multiple times per week. Yearly deployments, on the other hand, are becoming very rare: this model was being used by only 1 percent.
Mature and immature DevOps practices show some different preferences regarding the adoption of security tools. WAF (Web Application Firewall) and OSS (Open Source Software Governance) top the list for both maturity levels. WAF was being used by 59% of mature and 51% of immature DevOps teams, and OSS by 44% (mature) and 31% (immature).
The next most popular tools were IDS/IPS (Intrusion Detection/Prevention System), SAST (Static Analysis Security Testing) and DLP (Data Loss Prevention). Further down the list, the difference in usage rates increased: CSA, DAST, SCA and IAST were being used twice as often by mature DevOps teams.
Not surprisingly, mature DevOps teams also stated almost twice as often that they have properly integrated security tools into their pipeline.
Security breach awareness
In this year’s survey, 24 percent of respondents stated that they had confirmed or suspected security breaches within the last 12 months. Depending on the DevOps maturity, the responses varied between 19% and 28%.
Sonatype interprets the findings to imply that higher maturity levels did not lead to an increased number of breaches, but rather to an increased awareness of breaches:
Failures are not silent in mature DevOps practices, but rewarded.
Sonatype didn’t just want to know about the hard facts—they also wanted to see how happy DevOps team members are. It turns out that job satisfaction increases with DevOps maturity: 92% of respondents in mature teams said they are satisfied with their job whereas only 61% agreed with this statement in immature DevOps teams.
Another finding was that code security analysis was performed significantly more often by happy developers: 65% of happy developers said they perform code security analysis, compared to only 34% of grumpy developers. Friction between colleagues was also encountered less often by happy developers.
For more DevSecOps insights and to find out about the participants’ favorite pizza toppings (including pineapple), see the full report.