The state of AppSec and the journey to DevSecOps

2021-05-24 03:30

While the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold, a ZeroNorth survey of 250 global security, DevOps and IT professionals reveals.

Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.

"The push toward true DevSecOps will strengthen security and improve the products that DevOps deliver. That said, our study shows progress needs to be made on many fronts - most notably DevSecOps governance, process, and culture - for companies to see this promise materialize."

Integrating AppSec tools into DevOps pipelines Automation and orchestration are enabling DevSecOps: 91% of respondents agree or strongly agree that integrating AppSec tools into DevOps pipelines through automation will be critical to the success of DevSecOps; 88% believe orchestration of tools within CI/CD pipelines will be required.

Adjusting the security mindset: DevSecOps requires a culture change across security and DevOps - and 73% of participants agree security must rethink the way it partners with Development for DevSecOps to succeed.

Enabling security in the journey to DevSecOps: The survey also demonstrates key things security must understand about DevOps, including the SDLC, tools and technical benefits.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/5R2u-EfMVrQ/

#appsec #devsecops