Developers and security professionals sacrifice security for speed
To meet short deployment cycles, 73 percent of security professionals and developers feel forced to compromise on security, according to a new report.
The study into DevSecOps from open source security and license management specialist WhiteSource, based on responses from over 560 developers in the US and Europe, finds that 20 percent of respondents describe their organizations' DevSecOps practices as 'mature', while 62 percent say they are improving, with only 18 percent being classed as 'immature'.
The more mature an organization is in terms of its DevSecOps practices, the more AppSec tools it uses, though the results show that often developers don't fully use the tools purchased by the security team. This suggests tools are often being bought as part of a check box exercise, disregarding developers' needs and processes.
While 60 percent of security professionals surveyed say they have had an AppSec program in place for at least a year, 37 percent of developers report that they were not aware of an AppSec program running for longer than a year inside their organization. Again, this indicates a disconnect between the two sides.
"Survey results show that while most security professionals and developers believe that their organizations are in the process of adopting DevSecOps, most organizations still have a way to go, especially when it comes to breaking down the silos separating development and security teams," says Rami Sass, CEO and co-founder of WhiteSource. "Full DevSecOps maturity requires organizations to implement DevSecOps across the board. Processes, tools, and culture need to evolve in order to break down the traditional silos and ensure that all teams share ownership of both security and agility."