Delve into the practices of mature DevOps organizations.

Sticker_DabbingUnicorn
Happy vs Grumpy Developers

The happiest developers are 2.3x more likely to be using automated security tools. 

BugSticker
Open Source Related Breaches are Down

28% of mature DevOps practices confirmed an OSS related breach in the past 12 months.

TimeFliesSticker
No More Time, But Much More Automation

47% don't have enough time to spend on security, but mature DevOps teams have built in more automation.

55% of respondents deploy to production at least once per week.

It’s not what we do once in a while that shapes our practices, it is what we do consistently. 

SURVEY QUESTION: How frequently do you deploy to production?

  • 7
  • 11
  • 24
  • 13
  • 23
  • 9
  • 12
  • 1
  • With every change
  • Multiple times per day
  • Multiple times per week
  • Weekly
  • Every few weeks
  • Monthly
  • Multiple times per year
  • Yearly

Job satisfaction is higher in mature DevOps practices

Our survey reveals the more evolved DevOps practices are, the happier we found their developers. Happy developers spend more time thinking about security than their grumpy peers.

 

Happy Developers

 

Grumpy Developers

  • 92%
     
     
  • 61%
     
     

Agree: “I am satisfied with my job.”

  • 86%
     
     
  • 53%
     
     

Agree: “I would recommend my place of employment to other job seekers.”

  • 89%
     
     
  • 69%
     
     

Agree: “I feel like I can complete the work assigned to me.”

Mature DevOps practices prioritize WAF, OSS Governance, and IDS/IPS.

SURVEY QUESTION: What security tools do you or your team use?

 

Mature DevOps

 

Immature DevOps

  • 59
    51
  • 44
    31
  • 42
    33
  • 40
    28
  • 34
    23
  • 33
    15
  • 29
    14
  • 25
    13
  • 24
    10
  • 20
    8
  • WAF

    Web Application Firewall

  • OSS

    Open Source Software Governance

  • IDS/IPS

    Intrusion Detection/ Protection System

  • SAST

    Static Analysis Security Testing

  • DLP

    Data Loss Prevention

  • CSA

    Container Security

  • DAST

    Dynamic Analysis Security Testing

  • SCA

    Software Composition Analysis

  • IAST

    Interactive Application Security Testing

  • RASP

    Runtime Application Self Protection