Sonatype has conducted its annual DevSecOps survey

Developers that use mature DevOps and DevSecOps practices are happier

Maika Möbus
© Shutterstock / aurielaki

The software company Sonatype has released its seventh annual DevSecOps Community Survey, in which it reveals some interesting findings. According to the data, not only does DevSecOps make code more secure, but it is also makes developers happier! Let’s take a closer look.

Over 5,000 respondents took part in Sonatype’s 2020 DevSecOps Community Survey, which was announced in a press release.

The participants hold different organizational roles and come from various countries, mainly the US, UK, India, Canada and Germany. The majority were working in the tech sector (39%), banking and financial services (15%), and consulting services (7%).

SEE ALSO: DevSecOps Panel – Best DevOps Security Practices & Best Tools

Let’s dive right into the findings.

DevOps maturity

The adoption of DevOps maturity was rated as “mature” by 15% of respondents and “improving” by 36%. “Immature” (49%) received the highest number of answers. 55 percent, though, said they deploy at least once per week—and of these, 24% deploy multiple times per week. Yearly deployments, on the other hand, are becoming very rare: this model was being used by only 1 percent.

DevSecOps tools

Mature and immature DevOps practices show some different preferences regarding the adoption of security tools. WAF (Web Application Firewall) and OSS (Open Source Software Governance) top the list for both maturity levels. WAF was being used by 59% of mature and 51% of immature DevOps teams, and OSS by 44% (mature) and 31% (immature).

The next most popular tools were IDS/IPS (Intrusion Detection/Protection System), SAST (Static Analysis Security Testing) and DLP (Data Loss Prevention). Further down the list, the difference in usage rates increased: CSA, DAST, SCA and IAST were being used twice as often by mature DevOps teams.

Not surprisingly, mature DevOps teams also stated almost twice as often that they have properly integrated security tools into their pipeline.

Security breach awareness

In this year’s survey, 24 percent of respondents stated that they had confirmed or suspected security breaches within the last 12 months. Depending on the DevOps maturity, the responses varied between 19% and 28%.

Sonatype interprets the findings to imply that higher maturity levels did not lead to an increased number of breaches, but rather to an increased awareness in breaches:

Failures are not silent in mature DevOps practices, but rewarded.

Developer happiness

Sonatype didn’t just want to know about the hard facts—they also wanted to see how happy DevOps team members are. It turns out that job satisfaction increases with DevOps maturity: 92% of respondents in mature teams said they are satisfied with their job whereas only 61% agreed with this statement in immature DevOps teams.

SEE ALSO: 90% of remote workers would recommend it to a friend

Another finding was that code security analysis was performed significantly more often by happy developers: 65% of happy developers said they perform code security analysis, compared to only 34% of grumpy developers. Friction between colleagues was also encountered less often by happy developers.

For more DevSecOps insights and to find out about the participants’ favorite pizza toppings (including pineapple), see the full report.

Maika Möbus
Maika Möbus has been an editor for Software & Support Media since January 2019. She studied Sociology at Goethe University Frankfurt and Johannes Gutenberg University Mainz.

Inline Feedbacks
View all comments