Global State of DevSecOps 2023 Report
About the Synopsys 2023 DevSecOps report
In early 2023, the Synopsys Cybersecurity Research Center (CyRC) and Censuswide, an international market research consultancy, conducted a survey of 1,000 IT professionals who identified security as part of their role or responsibilities. The group includes developers, AppSec professionals, DevOps engineers, CISOs, and experts who work in various roles in technology, cybersecurity, and application/software development. Participants came from the U.S., U.K., France, Finland, Germany, China, Singapore, and Japan.
Respondents from all industries and all company sizes were eligible to participate. One of the challenges faced while developing the survey is that the term “DevSecOps” embraces several disciplines, many of which have unique personas. The goal was to include a broad spectrum of professionals, from “hands-on” developers who write the code to people at the CISO level, while targeting those whose work involved some aspect of software security.
On DevOps and DevSecOps
Achieving the key tenets of DevOps—accelerated development, continuous delivery, pipeline resilience, scalability, and end-to-end transparency—requires a concerted effort from contributors in development, security, and operations.
An extension of the DevOps methodology, DevSecOps is designed to instill a culture of security across teams and address security early and consistently in DevOps environments. By integrating security practices into the software development life cycle (SDLC) and CI pipelines, DevSecOps aims to shift security from a separate, standalone phase to an integral part of the development life cycle.
DevSecOps has gained significant traction in every organisation involved with software development. According to the SANS 2023 DevSecOps survey, DevSecOps is now clearly seen as a business-critical practice and a risk management concern. But historically, security and development teams have found themselves at odds when trying to introduce security into their processes, often a consequence of bringing legacy application security testing (AST) into the SDLC. Common complaints include AST tools’ complexity and high learning curves, slow performance, and “noisy” results causing DevOps “friction”—that is, anything in the software creation process that prevents developers from easily and quickly building code.
Read more in the report, which provides details on the benefits of automation, the growing use of ASOC/ASPM in DevSecOps, key findings from the Synopsys 2023 DevSecOps survey, the state of DevSecOps in 2023, and lessons learned from the survey.