- For the last three years, half of developers have agreed security is important, but they don't dedicate enough time to it, according to Sonatype's 2019 survey of more than 5,550 IT professionals.
- Risk management, improved code and application quality, and meeting compliance requirements are the top three motivating factors for weaving security into the development lifecycle, according to the survey. About one-quarter of respondents said "'security' is synonymous with delivering 'quality.'"
- Just over one-quarter of companies have a mature DevOps adoption, and those organizations are 350% more likely to integrate automated security. About 47% of all companies deploy to production several times per week, though about 14% deploy once a week.
Intertwining security and software allows companies to find the sweet spot between speed and security. Agile serves as the prelude for DevSecOps as companies embrace more automated solutions. In fact, nearly one-third of developers trained in agile and waterfall practices were not provided security training, according to the survey.
The "shift left" mentality of moving security to the start of the development process allows companies to test for vulnerabilities sooner. Any points of concern can be addressed in one of the dependencies earlier on and developers don't have have to wait until the end of development to resolve the issue.
Line-of-business employees tend to have a less informed view of cybersecurity. Because of this, they are more inclined to adopt software with little regard to unmonitored tools because security was left out of the acquistion.
Improved code quality and input validation can help mitigate the risk of flaws and data leaks. DevSecOps, as opposed to DevOps, can resolve a flaw 12 times faster than a traditional organization. The automated component of DevSecOps allows for software scans and eases the burden of security.
However, confusion around DevOps itself has lost some of its impact due to unreliable marketing and hype.
DevOps stands in a position to unite development, operations and security, which can lead to more seamless processes. Risk reduction and a decrease in size of changes to production environments are the potential benefits of a DevSecOps culture and mindset.