App Security Attitudes Change
survey has revealed that mature development organizations ensure automated security is woven into their DevOps practice early, everywhere, and at scale. Analysis of responses also found that IT organizations continue to struggle with breaches, as a nearly 50% increase was recorded between Sonatype’s 2014 and 2017 surveys.
•Developers are taking more responsibility for security, with 24% of all respondents saying it’s a top concern, while in mature DevOps organizations that number rises to 38%.
•58% of mature DevOps teams have automated security as part of Continuous Integration (CI) practices compared to 39% of all survey participants.
of mature DevOps organizations perform application security analysis at every stage of the software delivery lifecycle (SDLC). This number shrinks to just 27% when all survey respondents are counted.
•88% of survey respondents indicated that security was a top concern when deploying containers, yet only 53% leverage security solutions to address this problem.
•35% of organizations keep a complete software bill of materials to help them track down new open source vulnerabilities faster (e.g., Commons-Collection, Struts2).
•85% of those surveyed from highly mature DevOps practices received some form of application security training, ensuring awareness of secure coding practices. In immature DevOps practices, 30% received no training.