A couple of days ago, WhiteSource released its DevSecOps Insights Report, which was aimed at better understanding the level of DevSecOps maturity inside organisations.
20% of respondents described their organisations’ DevSecOps practices as “mature”, while 62% said they are improving practices and 18% described them as “immature”. Additional key insights from the report included:
- In order to meet short deployment cycles, 73% of security professionals and developers feel forced to compromise on security.
- AppSec tools are purchased to ‘check the box’, disregarding developers’ needs and processes, resulting in tools being purchased but not used.
- Developers don’t fully use the tools purchased by the security team. The more mature an organisation is in terms of its DevSecOps practices, the more AppSec tools it uses.
- There is a significant “AppSec knowledge and skills gaps” challenge that is largely neglected by organisations.
- While 60% of security professionals say they have had an AppSec program in place for at least a year, only 37% of developers surveyed reported that they were not aware of an AppSec program running for longer than a year inside their organisation.
- Security professionals’ top challenge is prioritisation, but organisations lack the standardised processes to streamline vulnerability prioritisation.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.