The latest webinar in Sonatype's DevOps Download series, presented in partnership with The New Stack, offered an in-depth exploration into how DevOps pioneers are catalyzing significant shifts within organizations.
Hosted by Charles Humble of The New Stack, the session titled "How DevOps Pioneers Are Leading the Next Wave of Organizational Change" featured insights from two speakers:
- Dr. Stephen Magill, vice president of product innovation at Sonatype
- Gene Kim, best-selling author, researcher, and award-winning chief technology officer (CTO)
Key takeaways
Kim and Magill, who previously collaborated on Sonatype's State of the Software Supply Chain report, spoke about recent DevOps research, covered a recent security breach in the news, and gave their opinions on information security in modern software development.
Insights from DevOps research
Gene Kim opened the discussion by reflecting on the findings from his long-standing research into DevOps practices.
Kim mainly covered his "State of DevOps" research, an extensive study that surveyed 36,000 participants over six years and highlighted aspects of high-performing IT organizations. One premise from the study was that high-performing software development organizations exist and massively outperform their non-high-performer peers.
"High performers deploy multiple times a day, two orders of magnitude more frequently than their peers," said Kim. "When they do a deployment, they are seven times more likely to succeed without causing a SEV-1 outage, a service impairment, a security breach, or compliance failure. When something goes wrong, they can fix those issues in one hour or less, as measured by the mean-time-to-restore service."
Magill drew a parallel of high performance with software supply chain management, saying practices that are focused on security actually have a performance impact as well. Kim added detail by mentioning another finding from his research.
"We also found that these high performers are twice as likely to exceed profitability, market share, and productivity goals," said Kim. "So to me, what this says is that if mission achievement requires work that we do in technology value streams, DevOps helps with the achievement of those objectives."
Transforming organizational efficiency through strategic wiring
In reference to his latest book, "Wiring the Winning Organization," Kim discussed his collaboration with Dr. Steven Spear as they explored how organizations function optimally or falter due to their systemic "wiring."
"We found that DevOps, agile, and the Toyota production system among others are all incomplete expressions of a far greater but also simpler whole," said Kim, highlighting the universal principles underlying effective production systems.
He then outlined three "layers" that define an organization's operational framework:
- Layer One - Direct elements of work such as people, code, or products.
- Layer Two - Tools and technologies that support the work, like software or physical equipment.
- Layer Three - Processes, interfaces, and norms that connect teams and workflows, which Kim identifies as the most impactful layer for transformation.
Kim concluded effective organizational wiring, through principles of "simplification," "slowification," and "amplification," is essential for creating responsive systems that address issues promptly and prevent minor problems from escalating. This strategic approach not only supports but accelerates an organization’s objectives, making them more agile and resilient.
The XZ backdoor incident
As part of the discussion, Magill covered the recent XZ backdoor software supply chain attack, highlighting the importance of information security practices.
Magill explained how the attacker employed a combination of email accounts and social engineering tactics to gain the trust of the XZ project's sole maintainer.
"Once they had commit access, then they could start inserting this backdoor code," said Magill. "But it was over a year before they actually took advantage of that access to start inserting the malicious code. And then, thankfully, it was detected about a month later."
Magill also described how the XZ incident underscores the critical need for vigilant and rigorous security measures in managing open source software. It serves as a stark reminder of the importance of a "zero trust" approach and the necessity of implementing robust security protocols throughout the software development life cycle (SDLC).
Reflections and closing thoughts
Kim encapsulated the session by emphasizing the impact of DevOps beyond just technological improvements.
"DevOps helps with the achievement of safely, quickly, reliably, securely achieving all the goals, dreams, and aspirations of the organizations that we serve."
This webinar provided insights into how DevOps is evolving and the critical role it plays in shaping the future of organizational operations.
View the recording of the full webinar for more insights from Gene Kim and Dr. Stephen Magill on our DevOps Download page.
