20% of respondents described their organisations’ DevSecOps practices as “mature”, while 62% said they are improving practices and 18% as “immature”. Additional key insights from the report included:
- In order to meet short deployment cycles, 73% of security professionals and developers feel forced to compromise on security.
- AppSec tools are purchased to ‘check the box’, disregarding developers’ needs and processes, resulting in tools being purchased but not used.
- Developers don’t fully use the tools purchased by the security team. The more the mature an organisation is in terms of its DevSecOps practices, the more AppSec tools they use.
- There is a significant “AppSec knowledge and skills gaps” challenge that is largely neglected by organisations.
- While 60% of security professionals say they have had an AppSec program in place for at least a year, only 37% of developers surveyed reported that they were not aware of an AppSec program running for longer than a year inside their organisation.
- Security professionals’ top challenge is prioritisation, but organisations lack the standardised processes to streamline vulnerability prioritisation.