Sonatype today published findings from its fifth annual DevSecOps Community Survey which shares practitioner perspectives on evolving DevSecOps practices, shifting investments, and changing perceptions.
The survey respondents revealed that breaches related to open source components grew by a staggering 50% since 2017, and 121% since 2014.
Despite this, resourcing and training still present challenges, with 48% of respondents admitting that they don’t have enough time to spend on application security, while 35% of developers from companies with no DevOps practices received no training on application security in the past year.
The survey also found:
- 77% of mature DevOps organisations have open source policies in place, with a 76% adherence rate. Conversely, only 58% of respondents without mature DevOps practices had a policy with a 54% adherence rate – revealing that DevSecOps automation is difficult to ignore.
- 59% of mature DevOps companies are building more security automation into their development process as attention toward GDPR compliance grows.
- 88% of those with mature DevOps practices are investing in application security training, while 35% with immature practices said they had no access to security training. This finding points to stronger cybersecurity readiness postures of those investing in DevOps.
- 63% of respondents with mature DevOps practices say they leverage security products to identify vulnerabilities in containers, as these components become more ubiquitous in modern IT landscapes.
The findings demonstrate that more organisations are waking up to the DevOps approach, with mature DevOps practices showing a 15% year-over-year growth in applying security practices throughout the development lifecycle.
The survey also found that those companies with mature DevOps practices are 24% more likely to have deployed automated security practices throughout their development lifecycle.
Written from a press release by Leah Alger