Sonatype Introduces Next Generation Dependency Management | Press Release

blog-logo Sonatype Blog

Money Doesn’t Buy Happiness, But Happy Developers Protect Money

June 26, 2020 By Derek Weeks

If money “makes the world ’go round” -- then today, software developers are the ones pushing and spinning the globe. Every day developers ensure that digital money (and other financial products and services) is securely routed around the planet as intended. And the happy ones do it best.

The financial services industry recognizes that developers are at the forefront of software security. What isn’t fully appreciated is the bottom-line benefit of happy developers. Happy developers aren’t bought with big salaries and ridiculous perks -- though those never hurt. Instead, happy developers are made. How? Happy developers are more likely to work in organizations with maturing or mature DevSecOps practices. The influence of an organization’s environment was revealed in Sonatype’s seventh annual DevSecOps Community Survey.

The 5,045 survey respondents came from 102 countries. The survey is the first to show a correlation between DevSecOps maturity, developer happiness, and software security. As DevSecOps maturity increases, developers become happier, and happy developers build more secure software.

The Bottom-Line Benefits of Engaged Employees

First, a quick reminder on the benefits of engaged employees in the workplace:

  • Happy workers do more. “Engaged workers are more open to new information, more productive, and more willing to go the extra mile,” writes social psychologist Arnold B. Bakker in his research on workplace happiness.

  • Replacing unhappy workers is expensive. Turnover can cost employers 33 percent of an employee’s annual salary, according to the Work Institute’s 2017 Retention Report. The same report, updated for 2019 (.pdf) shows that the work environment is a major cause of employee unhappiness and departure, up 53% from 2010.

  • Happier workers are healthier. Beyond the quality of life metric, the business cost burden of health insurance is reduced when workers are healthy. The cost savings of good mental health is one component of “The Business Case for Happiness” (.pdf) by Stanford University, for example.

The Financial Services Sector Enjoys the Benefits of Happy Developers the Most

Financial services sector respondents in our 2020 DevSecOps Community Survey revealed quite a bit. Among the interesting insights:

There Are More Happy Developers Here Compared to Other Industries

There are more software developers per business within the financial services industry compared to other industries across our survey. Eighty percent (80%) of financial service industry respondents said they worked in organizations with 25 or more developers. That is three times more than all the other industries (healthcare, government, and technology) surveyed, combined.

DevSecOps Maturity Yields Happiness

Happy developers work on mature DevSecOps teams and mature DevSecOps teams integrate automated security tools twice as often as immature practices in the financial industry. This reduces developer stress and improves security by default.

This chart shows the levels of DevSecOps maturity across all industries. The happiest developers were concentrated in the 15% who rated their organization’s DevSecOps practices “mature”.

For example, Gartner recommends maintaining a Software Bill of Materials (SBOM) to harden the software supply chain. The survey showed that mature practices are twice as likely to have an SBOM, including one that covers dependencies.

Happy Developers are More Productive

Happy developers are more likely to finish their work. Developers in mature DevSecOps practices are 1.4 times more likely to agree with the statement, “I feel I can complete the work assigned to me.” Developers in mature DevOps practices were also 1.2x happier than their peers in financial service organizations.

Happy developers also benefit from ongoing training opportunities. By contrast, grumpy developers are 7 times more likely to say they don’t get any training.

From Yuan to the Euro, Everyone Has Security Requirements

 

The players in the global financial services industry may differ in currency units, but share a common goal: software security. Happy developers are among the best defense. The survey shows that happy developers in mature DevOps practices are more aware of security breaches than those working in immature practices.

For example, in financial services, 21% of developers in mature practices correctly identify software breaches in open source software components. A higher percentage of developers on mature teams, 26%, identify breaches when using an SBOM. Both percentages are higher than those in other industries taking the same survey.

Another example. Happy developers on mature teams are more likely to follow open source governance policies aimed at keeping code secure. Fifty-eight percent (58%) indicated that they follow policies, compared to just 42% of their grumpy peers.

Here’s the bottom line. Happy developers build more secure software when they use open source software components. That’s because happy developers are more likely to be working within mature DevSecOps practices, using automated tooling, and participating in secure coding education.

Grumpy developers, and the security of their software, fare worse. Grumpy developers are more likely to have less support, be less equipped, and usually have less security training. Combined, these traits work against what is necessary to produce secure software.

In the context of financial services, an investment in developer happiness is worth its weight in the one currency prized for centuries: gold.

Tags: devsecops, social interaction, software security, featured, 2020 DevSecOps Community Survey, soft skills, financial services industry

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.