One in Six Developers in Healthcare Report Open Source Breaches | Press Release

blog-logo Sonatype Blog

Happy Developers Produce More Secure Software, Better Business Outcomes

April 07, 2020 By Derek Weeks

The results are in: happy developers working in teams with mature DevSecOps practices produce more secure software.

The 2020 DevSecOps Community Survey is our seventh annual investigation into DevSecOps  trends. It is the first survey to confirm in the software world what is known in businesses generally: employee job satisfaction is crucial for success. Other studies have shown that happy employees master broader competencies and their brains are 31% more productive, among many other benefits.

Our survey, in conjunction with our research partners Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps, surveyed 5,045 developers in 102 countries. It showed that development velocity continues to speed up, with 55% of respondents saying they deploy code to production at least once a week, up from 47% saying the same thing last year

Happy Developers Offer Measurable Advantages 

Most interesting this year was our discovery of how happiness correlates with mature DevSecOps practices and more secure code outcomes. Respondents who we designate as “happy” are nearly twice as likely to:

  • say they like their job (1.5x more likely)
  • get work done (1.3x more likely)
  • encourage friends to come work with them (1.6x more likely)

Mature DevOps teams demonstrate 1.6x higher job satisfaction rates compared to their immature peers. Furthermore, mature teams are 2.2x more likely to invest in container security (CSA), 2.1x more likely to invest in dynamic testing (DAST) and 1.9x more likely to invest in Software Composition Analysis (SCA).

Here are some of the positive correlations we uncovered:

Happy Developers Pay More Attention to Security

Happy developers are 3.6x less likely to neglect security when it comes to code quality, and 1.3x more likely to follow open source policies. They are also 2.3x more likely to have automated security tools in place. Developers working within mature DevOps practices are 1.5x more likely to enjoy their work, and 1.6x more likely to recommend their employer to prospects.

CodeSecurityAnalysis

Happy Developers Are More Likely to Receive Security Training

Developers who receive training on how to code securely are also 5x more likely to enjoy their work. Their grumpier peers did not benefit from training opportunities. A whopping 47% of grumpy developers answered “what training?” when asked about this benefit.

SecurityTraining

Happy Developers Recognize Security Breaches Sooner

Happier developers are 1.3x more likely to be informed of security issues from their integrated tooling compared to their less content counterparts. Improved tooling and close collaboration with security teams also paid off for happier developers, as they are 3.8x less likely to rely on rumors when it comes to security notifications. 

InformedOfAppSecurityIssues
The 2020 survey results are the first to confirm the correlations between DevSecOps culture and practices, and their influences on motivation and job satisfaction. The findings are a powerful indicator of the business value of DevSecOps, especially in organizations with mature practices, because their training and tooling support happy developers. Happy developers, in turn, are crucial to the ongoing success of the business, and the security of the software created. Understanding the interplay of developer happiness, business success, and software security will continue to become more valuable over time.

Download and review the 2020 DevSecOps Community Survey to understand the connection between happy developers and more secure software.  Then share the results with your colleagues and challenge their thinking on the findings.  Do you all agree, are there things you all can improve, is your DevOps practice missing something, or is your team ahead of the curve?

Tags: vulnerabilities, software development, devsecops, security breach, featured, DevSecOps Community Survey, Report/Survey/Whitepaper releases, 2020 DevSecOps Community Survey

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.