May 4, 2021

Report: DevOps offers faster releases but security still a pain point

The COVID-19 pandemic has led teams to focus on embracing DevOps technologies such as Kubernetes, ML/AI and cloud computing, and as a result, 84% of developers say they’re releasing code faster than ever before. 

That was one of the key findings in GitLab’s fifth annual DevSecOps survey, which this February asked 4,300 DevOps team members about their practices and processes last year. Overall, 57% of respondents reported that their code is released twice as fast, an increase from 35% last year. 19% said that their code gets released 10 times faster. 

This efficiency was often a result of automation and ML/AI being integrated into development cycles. Just over half the respondents said that their development life cycles were either completely or mostly automated, whereas last year only 8% said that was their situation. 

However, there are still some roadblocks to achieving true DevSecOps, particularly when it comes to security testing and security ownership.

Almost half of the respondents said that they believe security testing is happening too late in the process and that it was a struggle to unpack, process and fix vulnerabilities.

About one-third said that tracking the status of bug fixes was challenging, and slightly fewer respondents found remediation prioritization difficult.

“Like last year, these results indicate a reactive approach to security in the development process. It also indicates the importance of integrating DevSecOps in development cycles, because issues raised in testing that create bottlenecks could be caught and addressed earlier in development,” the authors of the DevSecOps survey wrote. 

Organizations have been gradually shifting their security test initiatives left, with 70% of security professionals reporting their teams have moved security considerations earlier into the development process, compared to last year’s 65%.

Despite this advancement, many still struggle to determine who is in charge of handling security, since 28% of respondents said that everyone in their organization was in charge of security. 

“While the industry has continued integrating security into development, and organizations are beginning to improve security overall, our research shows that a more clear delineation of responsibilities and adoption of new tools is required to completely shift security left,” said Johnathan Hunt, the vice president of security at GitLab. “In the future, we hope to see security teams find more ways to lay out clear expectations for the other members of their organization.”