SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

WhiteSource Finds Developers Eye Speed at Expense of Security

October 6, 2020

WhiteSource released the findings of its DevSecOps Insights Report, which was aimed at better understanding the level of DevSecOps maturity inside organizations.

20% of respondents described their organizations' DevSecOps practices as "mature", while 62% said they are improving practices and 18% as "immature".

The survey gathered responses from over 560 developers and application security professionals in North America and Western Europe about the state of DevSecOps implementation in their organizations.

Additional key insights from the report included:

In order to meet short deployment cycles, 73% of security professionals and developers feel forced to compromise on security

AppSec tools are purchased to 'check the box', disregarding developers' needs and processes, resulting in tools being purchased but not used

Developers don't fully use the tools purchased by the security team. The more the mature an organization is in terms of its DevSecOps practices, the more AppSec tools they use

There is a significant "AppSec knowledge and skills gaps" challenge that is largely neglected by organizations
While 60% of security professionals say they have had an AppSec program in place for at least a year, only 37% of developers surveyed reported that they were not aware of an AppSec program running for longer than a year inside their organization

Security professionals' top challenge is prioritization, but organizations lack the standardized processes to streamline vulnerability prioritization

"Survey results show that while most security professionals and developers believe that their organizations are in the process of adopting DevSecOps, most organizations still have a way to go, especially when it comes to breaking down the silos separating development at security teams," said Rami Sass, CEO and co-founder of WhiteSource. "Full DevSecOps maturity requires organizations to implement DevSecOps across the board. Processes, tools, and culture need to evolve in order to break down the traditional silos and ensure that all teams share ownership of both security and agility."

Terms of Use | Copyright 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement