The State of DevSecOps Report
Cross-industry and cross-persona survey finds that application security creates friction and delivers suboptimal results.
Many companies now develop their own applications, built by both in-house and outsourced development teams. But unfortunately, the breakneck speed at which applications are being created can present security risks. Legacy application security tools and processes that were designed for slower, more methodical approaches to software development struggle to adapt to the speed and complexity of today’s DevOps processes.
This report explores development practices and the state of application security at organizations of all sizes. Survey results indicate that despite great strides in accelerating the application development process, security processes continue to create roadblocks.
Some of the key insights and findings from the report include:
- DevOps is growing in importance: 79% of respondents say their DevOps team is under increasing pressure to shorten release cycles.
- A majority (79%) indicate their average application in development has 20+ vulnerabilities—and most organizations use dedicated headcount to address them.
- Application security processes continue to significantly slow development cycles—more than half of organizations reveal they sometimes skip security scans to meet release deadlines.
- Almost all (95%) organizations have sustained successful attacks with real consequences.