As DevOps Grows, Automation Is Key to App Security

By Eileen McCooey
  • Previous
    As DevOps Grows, Automation Is Key to App Security

    As DevOps Grows, Automation Is Key to App Security

    Survey shows that mature DevOps teams have found new ways to integrate security at the speed of development, analyzing app security from design to production.

IT organizations continue to struggle with breaches, which have risen sharply over the past three years. Yet during the same period, the use of secure components has remained flat, suggesting that more organizations must improve their applications' security posture. Those are some of the key findings of the "2017 DevSecOps Community Survey," which included 2,292 IT professionals in the United States, Europe and other parts of the world. DevOps is not all about making software better and faster, the study's authors observed. It also requires making software more safely. As evidenced by this year's survey results, more organizations are transforming their development from waterfall-native to DevOps-native tools and processes. The survey revealed that mature development organizations ensure that automated security is woven into their DevOps practice throughout the lifecycle. "Mature DevOps practices are implementing these new approaches and accelerating their mean time to discover vulnerabilities and improving developer productivity," said Derek Weeks, vice president and DevOps advocate at Sonatype, one of the sponsors of the study. "Development and operations teams who feel security practices are hindering the speed at which they build and release applications should understand that new, automated approaches to security are available." Of the group surveyed, 43 percent of the respondents were developers or in DevOps, with the rest a mix of architects, team leads and other IT roles. In addition to Sonatype, study sponsors included Contino, DZone, Emerasoft, Ranger4 and Signal Sciences.

This article was originally published on 2017-04-10
Eileen McCooey, a New York-based consultant and Baseline contributor, has extensive experience covering a wide range of business and consumer topics, including digital technologies and consumer electronics of all kinds.
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.