While development teams are releasing code faster, security remains an issue

A recent study by GitLab revealed that DevOps tools are enabling developers to release new code faster than before, but security remains an issue.

Indeed, the report showed that the pandemic and the shift to remote work have had an important impact on DevOps technologies, as more teams started to implement automation in their software development cycles in order to speed up software releases. 84% of developers stated they were releasing code faster than before, which is a significant rise from last year’s 35%.

Moreover, 21% of developers said that they had started to add source code management to their DevOps practices, while almost 18% added continuous integration (CI) and 13% added continuous delivery (CD). The survey found that adding a DevOps platform had helped speed up the process.

In addition, 25% of teams said they were using full test automation, while 28% said they were halfway to full automation. The study also noted that more than half of development teams were deploying code multiple times a day, once a day, or once every few days.

However, the survey highlighted that security testing and code review remain lacking in development teams. Indeed, 42% of developers stated that testing was happening too late in the development cycle, while others found processing and fixing vulnerabilities challenging. Tracking bug fixes was also said to be a challenge, as was determining which bugs to address first.

Hence, the survey showed that the relationship between security and development teams remains contentious. With developers shifting left and tackling more security tasks, there is an issue in determining who should be in charge of security. 31% of respondents stated that security teams should be responsible for security, while nearly 28% felt it was a shared responsibility.

To deal with that issue, it is vital to organize and coordinate responsibility among security, development, and operations teams.