The DevOps landscape is constantly adapting and evolving. Most importantly, it is continuously expanding as the “need for speed” in software development becomes even more business critical. However, as important as speed is, as we learn about breach after breach in the news, we often find ourselves with more questions than answers about how organizations are addressing security concerns - while still enabling faster and faster development.
This is why we do the DevSecOps Community Survey every year - to follow how organizations are adapting, to better comprehend what previous challenges were overcome (and what new challenges have popped up), and to examine what approaches are being prioritized within teams to better identify potential risks. We believe these questions are extremely important and it’s why we’re once again looking to all of you to help us understand the state of DevSecOps.
Sonatype, along with Cloudbees, Twistlock, Signal Sciences, Carnegie Mellon SEI, All Day DevOps, and DevSecOps Days, launched the its annual DevSecOps Community Survey last week. Since then, we’ve already received over 2,500 responses, but we have a goal of making this the most comprehensive study - and, we can’t do that without more help from all of you.
Since we first started this survey, each year has shown that DevOps and automated security practices are maturing, and each year, more and more respondents share that they’ve changed practices to align more with a DevSecOps mentality. With news consistently breaking about the latest vulnerability or breach, the need for governance policies within DevOps practices is further reinforced - and organizations are beginning to respond. Slowly but surely, the industry is incorporating automated security into their development processes. In fact, 2018 saw a 15% increase in investment in automated security among mature DevOps practices.
While we’ve learned that security is difficult to ignore when it’s embedded where developers already are, there is a lot more to understand about current practices. The voice of the community these past five years has been invaluable, and we recognize that the experiences of those in the community can help us learn what resources are needed in order to support this ongoing cultural shift.
For example, in 2018, we found that 48% of developers knew that security was important, but didn’t have enough time to spend on it. We’ll be watching closely to see how if this has changed. We want to know what we, as a community, can do to support those who recognize there is an issue, but may not have the resources available to them to do anything about it. How have others in similar situations navigated this dilemma?
We invite you to fill out the 2019 DevSecOps Community survey today; you may even win one of our prizes (a Macbook or $500 Amazon gift card doesn’t sound too shabby, does it?). Everyone who takes the survey will receive a first look at the results - which will be released in early Spring.