Security teams in organizations with mature DevOps processes are three times more likely to find errors before the code is merged. This is evident from the third edition of the annual GitLab Survey among more than 4,000 respondents.
A mature DevOps process also appears to have a positive influence on project testing. It is 90 percent more likely that these teams will test between 91 and 100 percent of all software than teams within organizations where DevOps is still in its infancy.
In addition, developers working with mature DevOps models feel innovative 1.5 times more likely to do so.
Friction
However, it appears that there is still friction between development and security teams. For example, 69% of the developers say that they are expected to deliver safe software. This is despite the fact that almost half of the security professionals say they find it difficult to persuade developers to prioritise vulnerability resolution.
Also, according to 68 percent of security professionals, less than half of the developers are capable of finding security vulnerabilities later in the development cycle.
Half of the security professionals also state that they find errors most often after code has been added to a test environment.
More delay
Organisations with less mature DevOps implementations therefore present a variety of challenges. According to the study, these organisations are 2.5 times more likely to be delayed during the planning phase and 2.6 times more likely to be faced with bureaucracy, thus delaying the resolution of vulnerabilities.
According to our research, most developers are aware of the dangers associated with vulnerabilities and want to significantly increase their security capabilities. Unfortunately, they often find insufficient support within their organisation to give priority to the development of safe software, sharpening their programming skills and the use of scanning and testing tools that accelerate this process, says Colin Fletcher, manager Market Research & Customer Insights at GitLab.
This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.
12 minutes ago
