As DevOps Grows, Automation Is Key to App Security

IT organizations continue to struggle with breaches, which have risen sharply over the past three years. Yet during the same period, the use of secure components has remained flat, suggesting that more organizations must improve their applications' security posture. Those are some of the key findings of the "2017 DevSecOps Community Survey," which included 2,292 IT professionals in the United States, Europe and other parts of the world. DevOps is not all about making software better and faster, the study's authors observed. It also requires making software more safely. As evidenced by this year's survey results, more organizations are transforming their development from waterfall-native to DevOps-native tools and processes. The survey revealed that mature development organizations ensure that automated security is woven into their DevOps practice throughout the lifecycle. "Mature DevOps practices are implementing these new approaches and accelerating their mean time to discover vulnerabilities and improving developer productivity," said Derek Weeks, vice president and DevOps advocate at Sonatype, one of the sponsors of the study. "Development and operations teams who feel security practices are hindering the speed at which they build and release applications should understand that new, automated approaches to security are available." Of the group surveyed, 43 percent of the respondents were developers or in DevOps, with the rest a mix of architects, team leads and other IT roles. In addition to Sonatype, study sponsors included Contino, DZone, Emerasoft, Ranger4 and Signal Sciences.