Over 80% of IT professionals reported that a critical security issue in deployed software impacted their DevOps delivery schedule in the last year, according to Synopsys, Inc.’s “Global State of DevSecOps 2023” report conducted by Censuswide.
Key findings:
The survey of more than 1,000 IT professionals across the world, revealed that more than half (52%) are already using AI to enhance their organisation’s software security measures, even though a majority (76%) are “very or somewhat concerned” about its security risks.
The study reveals that two-thirds of respondents find application security testing tools and practices useful. These include dynamic application security testing (DAST), interactive application security testing (IAST), static application security testing (SAST), and software composition analysis (SCA).
The study also finds that internal security and development/engineering teams equally share security testing responsibilities. Software developers and engineers (45%) are just as likely to be assigned security testing tasks as internal security team members (46%). Some (33%) organisations hire external consultants to support their internal teams.
Bridging barriers
“While a vast majority [91%] of organisations have adopted some level of DevSecOps practices, they continue to face barriers effectively implementing its methods, especially at enterprise scale,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group.
“Specifically, we’re noticing that organisations across the globe are struggling with integrating and prioritising the results from the multiple application security testing tools used by their teams. They also struggle to enforce security and compliance policies automatically through infrastructure-as-code, a practice that was cited most often by respondents as a key factor of their security program’s overall success.”
