Fulton, MD – April 7, 2020 – Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published findings from its seventh annual DevSecOps Community Survey, based on responses from 5,045 software engineering professionals. The survey, developed and conducted in partnership with Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevOps.com, DevSecOps Days, NowSecure, Security Boulevard, Verica, and All Day DevOps, pulls back the curtain on successful DevSecOps practices, significant influences on developer satisfaction, trends in secure coding, and application breaches.
The survey reveals that development velocity is accelerating with 55% of respondents deploying code to production at least once per week, compared to 47% of respondents in 2019. Findings also show how engineering teams supported by mature DevOps practices are more likely to integrate automated security tooling into their development lifecycle. The most popular automated security investments are web application firewalls (59%), open source governance (44%), and intrusion detection (42%).
Mature DevOps teams also demonstrate 1.6x higher job satisfaction rates compared to their immature peers. Furthermore, mature teams are 2.2x more likely to invest in container security, 2.1x more likely to invest in Dynamic Analysis Security Testing, and 1.9x more likely to invest in Software Composition Analysis.
“DevSecOps transformations are proving critical – not just to improve productivity and application security – but to ensure developer delight,” said Derek Weeks, Vice President at Sonatype. “This year, mature DevOps teams are properly integrating and automating security tools almost 2x more often than less mature teams. We also found developers in mature DevOps teams are 1.6x more likely to recommend their employers in today’s tight job market and 1.3x more likely to get work done.”
Additional findings from the report include:
The full report with these findings and others is available here.
“We know, as a collective team, how to produce the highest quality of software by following a DevOps methodology. The methodology helps us enforce security checks at each phase in an SDLC. As the survey points out, mature DevOps practices are 3.6x more likely to consider security as a top concern and 2x more likely to have automated governance and compliance. Mature DevOps practices are constantly testing, deploying, and validating that software meets every requirement and allows for fast recovery in the event of a problem. As a result, we can easily say, ‘DevSecOps is DevOps done right.’”
— Hasan Yasar, Technical Director and Adjunct Faculty Member
Software Engineering Institute | Carnegie Mellon University
“We’ve always known that DevSecOps is about culture. The 2020 DevSecOps Community Survey, for the first time, reveals clear and convincing empirical evidence that developers are happier and more productive when security is part of the digital transformation and DevOps journey.”
— James Wickett, Head of Research, Verica.io
DevOps and DevSecOps Instructor, LinkedIn Learning
“We believe that the community-derived data on emerging patterns shown within the 2020 DevSecOps Community Survey can help both individuals and organizations adapt to the rapidly changing dynamics of the modern security landscape. We cannot achieve higher levels of DevOps maturity until we understand how tightly woven people are into the transformation process. More than anything, DevSecOps success is tied to human effort.”
— Jayne Groll, CEO, DevOps Institute
“The 2020 DevSecOps community survey highlights an important fact which is often overlooked: culture matters. The results show us that shared ownership becomes even more important as organizations shift from DevOps practices to security-focused DevSecOps practices. Accordingly, happy developers address security upstream through tooling and coordination with peers, whereas grumpy developers engage late, learning about issues from management or customers. The takeaway? Spend time fostering an effective culture.”
— Brian Dawson, DevOps Evangelist, CloudBees
The 2020 DevSecOps Community Survey is based on responses from 5,045 software professionals across the globe and provides visibility into the attitudes of software professionals toward DevOps best practices and the changing role of application security. The results reported here came in response to 34 questions asked by Sonatype and our DevOps community advocates including All Day DevOps, Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps.com, DevOps Institute, DevSecOps Days, NowSecure, Security Boulevard and Verica. The survey’s margin of error is ± 1.226 percentage points at the 95% confidence level.
Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit Sonatype.com, or connect with us on Facebook, X, or LinkedIn.
Mission North for Sonatype
sonatype@missionnorth.com