Additionally, only 20% of the more than 560 developers and application security professionals surveyed by WhiteSource believe that their organizations have reached full "DevSecOps Maturity"
WhiteSource, the leader in open source security and license compliance management, released today the findings of its DevSecOps Insights Report, which was aimed at better understanding the level of DevSecOps maturity inside organizations.
20% of respondents described their organizations' DevSecOps practices as "mature", while 62% said they are improving practices and 18% described them as "immature".
The survey gathered responses from over 560 developers and application security professionals in North America and Western Europe about the state of DevSecOps implementation in their organizations.
Additional key insights from the report included:
- In order to meet short deployment cycles, 73% of security professionals and developers feel forced to compromise on security
- AppSec tools are purchased to 'check the box', disregarding developers' needs and processes, resulting in tools being purchased but not used
- Developers don't fully use the tools purchased by the security team. The more mature an organization is in terms of its DevSecOps practices, the more AppSec tools it uses
- There is a significant "AppSec knowledge and skills gaps" challenge that is largely neglected by organizations
- While 60% of security professionals say they have had an AppSec program in place for at least a year, only 37% of developers surveyed reported that they were not aware of an AppSec program running for longer than a year inside their organization
- Security professionals' top challenge is prioritization, but organizations lack the standardized processes to streamline vulnerability prioritization
"Survey results show that while most security professionals and developers believe that their organizations are in the process of adopting DevSecOps, most organizations still have a way to go, especially when it comes to breaking down the silos separating development and security teams," said Rami Sass, CEO and co-founder of WhiteSource. "Full DevSecOps maturity requires organizations to implement DevSecOps across the board. Processes, tools, and culture need to evolve in order to break down the traditional silos and ensure that all teams share ownership of both security and agility."