More automation is needed to speed up secure software development
The single most important driver of DevSecOps programs is improving the security, quality, and resilience of software, according to a new report. But insufficient automation in software development is the number one cause of delays in product releases.
The study from Security Compass shows bringing technology to market faster is the second most important driver, while cost reduction is the least important.
The findings show that 75 percent of respondents report that their manual security and compliance processes slow down code release, delaying time to market and affecting competitiveness. DevSecOps personnel also point to technical challenges, organizational silos, and insufficient automation as the chief reasons why security and compliance processes slow down time to market.
Not surprising then that 96 percent of respondents agree they would benefit from the automation of security and compliance processes.
"When we set out to conduct this study, we were eager to better understand the state of DevSecOps adoption; and the results paint a clear picture that manual security processes are a roadblock to timely product releases and impact a company’s competitiveness," says Rohit Sethi, CEO of Security Compass. "We are hopeful that this study will raise awareness of the ways automation can solve significant challenges in secure application development and look forward to publishing more studies throughout 2021 to support companies in their DevSecOps journey."
Among other findings 60 percent of those tasked with getting products built found technical challenges to be the main hurdle to DevSecOps adoption. Cost, insufficient time, and lack of education are cited as additional challenges.
The full 2021 State of DevSecOps report is available from the Security Compass site.