The DevOps landscape is constantly adapting and evolving. Most importantly, it is continuously expanding, as the "need for speed" in software development becomes even more business critical. However, as important as speed is, as we learn about breach after breach in the news, we often find ourselves with more questions than answers about how organizations address security concerns - while still enabling faster and faster development.
This is why we do the DevSecOps Community Survey every year - to follow how organizations adapt, to better comprehend what previous challenges were overcome (and what new challenges have popped up), and to examine what approaches are being prioritized within teams to better identify potential risks. We believe these questions are important, and it's why we're looking to all of you to help us understand the state of DevSecOps.
Sonatype, along with Cloudbees, Twistlock, Signal Sciences, Carnegie Mellon SEI, All Day DevOps, and DevSecOps Days, launched its annual DevSecOps Community Survey last week. Since then, we've already received over 2,500 responses, but we have a goal of making this the most comprehensive study - and we can't do that without more help from all of you.
Since we first started this survey, each year has shown that DevOps and automated security practices are maturing. Each year, more and more respondents share that they've changed practices to align more with a DevSecOps mentality. With news consistently breaking about the latest vulnerability or breach, the need for governance policies within DevOps practices is further reinforced - and organizations are beginning to respond. Slowly but surely, the industry is incorporating automated security into their development processes. In fact, 2018 saw a 15% increase in automated security among mature DevOps practices.
While we've learned that security is difficult to ignore when it's embedded where developers already are, there is much more to understand about current practices. The voice of the community these past five years has been invaluable, and we recognize that the experiences of those in the community can help us learn what resources are needed to support this ongoing cultural shift.
For example, in 2018, we found that 48% of developers knew that security was important, but didn't have enough time to spend on it. We'll be watching closely to see how this has changed. We want to know what we, as a community, can do to support those who recognize there is an issue, but may not have the resources they need to do anything about it. How have others in similar situations navigated this dilemma?
We invite you to fill out the 2019 DevSecOps Community survey today; you may even win one of our prizes (a Macbook or $500 Amazon gift card doesn’t sound too shabby, does it?). Everyone who takes the survey will receive a first look at the results - which will be released in early Spring.
Tags
Code 3x Faster with Less False Positives
Build, test, and launch secure applications without rework. Explore how the Sonatype platform can enhance productivity and security.