Rising demand for security in software development
Rising demand for security and efficiency in software development, and an increasing use of artificial intelligence and machine learning in security, are amongst the key IT trends revealed in a new industry report.
DevSecOps Platform GitLab has released its 7th annual Global DevSecOps Report: Security Without Sacrifices.
In March 2023, GitLab surveyed more than 5,000 IT leaders, CISOs, and developers in industries including financial services, automotive, healthcare, telecommunications, and technology on their successes, challenges, and main priorities for DevSecOps implementation.
The report revealed security remains a key priority for organisations amid the growing global threat landscape.
DevSecOps teams are becoming more broadly aware of security as a shared responsibility. Incorporating security earlier in the software development lifecycle, or shifting left, is enabling development, security, and operations teams to work collaboratively instead of working in silos, as seen in previous years.
According to the survey, 71% of security professionals said that a quarter or more of all security vulnerabilities are being captured by developers, up from 53% of respondents in 2022. Moreover, 38% of security professionals reported being part of a cross-functional team focused on security, up from 29% in 2022. Some 85% of security respondents report that they have the same or less budget than 2022, highlighting an urgent need to do more with less.
The report says AI/ML goes hand-in-hand with a DevSecOps platform.
Artificial Intelligence (AI) and machine learning (ML) have become critical components of DevSecOps workflows. Developers who use a DevSecOps platform were more likely to have implemented automation and AI/ML for testing than those who do not.
According to the survey, 65% of developers said that they are using AI/ML in testing efforts or will be in the next three years, while 62% of developers using AI/ML use it to check code, up from 51% in 2022. And 53% of developers using AI/ML said they use bots for testing, up from 39% in 2022.
Toolchain management is an ongoing barrier to developer productivity, the report says.
Developers and security professionals continue to report significant time spent on toolchain management, reducing time available to dedicate to critical tasks such as adherence to compliance regulations.
Some 66% of survey respondents reported wanting to consolidate their toolchains this year, while 27% of security respondents reported that it is difficult to have consistent monitoring across disparate tools. Meanwhile, 26% of security respondents said it is difficult to draw cohesive insights across all integrated tools.
The survey found that the public sector reports plateaued efficiency and complex development toolchains.
Despite ongoing demands for improved digital experiences within the public sector, respondents working within government entities globally noted slowed or stagnant software development. Promisingly, more than half of total government respondents said they are evaluating or purchasing a DevSecOps solution in one to three years.
According to the report, 74% of public sector respondents reported deploying software at the same rate or slower than they did in 2022, while 44% of public sector respondents reported using six or more tools for software development, including some who use more than 15 tools.
“Organisations globally are seeking out ways to do more with less. This means that efficiency and security cannot be mutually exclusive when identifying opportunities to remain competitive,” says David DeSanto, Chief Product Officer at GitLab.
“GitLab’s research shows that DevSecOps tools and methodologies allow leadership to better secure and consolidate their disparate, fragmented toolchains and reduce spend, while also freeing up development teams to spend time on mission-critical responsibilities and innovative solutions.”