Large-scale data breaches provide drive for DevSecOps investments
Breaches related to open source components have grown 50 percent since 2017, and an eye-opening 121 percent since 2014, according to a new survey from open source governance and DevSecOps automation specialist Sonatype.
But the survey finds that those companies with mature DevOps practices are 24 percent more likely to have deployed automated security practices throughout their development lifecycle.
Investments in open source governance, container security, and web application firewalls are noted as being the most critical to companies pursuing DevSecOps transformations. But resourcing and training still present challenges: 48 percent of respondents admit that they don't have enough time to spend on application security, while 35 percent of developers from companies with no DevOps practices received no training on application security in the past year.
The results also reveal that developers outnumber security professionals by 100 to one, highlighting the need for automated application security testing to mitigate risks and improve business productivity. More organizations are waking up to this approach, with mature DevOps practices showing a 15 percent year-on-year growth in applying security practices throughout the development lifecycle.
"As application breaches tied to open source components rise more than 50 percent year over year, those investing in DevSecOps showed 85 percent higher levels of cyber readiness, compared to those who aren't," says Wayne Jackson, CEO of Sonatype. "It's evident that recent high profile breaches have heightened investments in DevSecOps and are continuing to grow as organizations strive to stay ahead of adversaries and prepare for May 2018's 'secure by design' requirement stipulated within the EU’s General Data Protection Regulation (GDPR)."
You can find out more about the importance of DevSecOps on the Sonatype website.