Monday, October 3, 2022

Teams with mature DevOps practices are three times more likely to detect vulnerabilities early, according to a GitLab study


DevOps is a movement in computer engineering and a technical practice that appeared a decade ago. It aims to integrate software development (dev) and the administration of computer infrastructures (ops), including system administration. It is credited with several competitive advantages, and several source code management platforms offer a partial or full life cycle based on the DevOps methodology. GitLab, one of them, is publishing the results of its annual DevSecOps developer survey this week, demonstrating the obvious benefits and complex challenges of the DevOps methodology.

The DevOps movement is mainly characterized by the promotion of automation and monitoring at all stages of software development, from development, integration, testing and delivery to deployment, operation and maintenance of the infrastructure. The DevOps principles support shorter development cycles, an increased frequency of deliveries and continuous delivery to better meet the company's business goals. On Monday, GitLab shared the results of its annual survey, which shows how widely the methodology has been adopted by professionals and the benefits it provides.

The GitLab study has revealed that well-executed DevOps can make a significant contribution to improving security by enabling continuous deployment and bringing together developers, security specialists and operations teams. The company's survey of more than 4,000 respondents found that security teams that follow good DevOps practices are three times more likely to detect faults ahead of code merges and are 90% more likely to test between 91% and 100% of code in just one organization at the start of development.

This year, the Global Developer Survey expanded beyond culture, workflow and tools to include operational groups and security groups to provide a complete assessment of the software development cycle, said Sid Sijbrandij, Chief Executive Officer and co-founder of GitLab. According to survey results, almost half of the respondents are practicing continuous deployment in at least part of their organizations. At the same time, only about a third of respondents rated DevOps efforts as good.

This means that some barriers still prevent developers and operations from achieving perfect cooperation, especially on the part of security teams. What we learn from this study is that early users of strong DevOps models benefit from increased security and more innovation, but barriers still prevent developers and security teams from achieving genuine DevSecOps. Teams need a solution that can provide visibility on both sides of the rational implementation process, Sid added.

The results of the study show that there are still serious security barriers. All software professionals are aware of the need to integrate security into the development lifecycle, but the study has shown that there is still friction between security and development teams. While 69% of developers say they have to write secure code, almost half of the security professionals surveyed (49%) said they had difficulty persuading developers to make fixing vulnerabilities a priority. 68% of security professionals believe that less than half of developers are able to detect security vulnerabilities later in the life cycle.

In addition, about half of security experts said errors are most often detected by the security experts themselves as the code is merged into a test environment. "Our research has revealed that although most developers are aware of vulnerabilities and want to dramatically improve their ability to write secure code, they often do not have organizational support for building security code, enhancing security skills, and introducing automated testing tools and analysis to make it happen sooner rather than later," said Colin Fletcher, head of market research and customer knowledge at GitLab.

Overall, however, the GitLab study revealed an increase in the adoption rate of the DevOps methodology. Not all DevOps models are at the same level: the study distinguishes mature DevOps models on one side and immature models on the other. Indeed, GitLab found that the overall adoption of DevOps is increasing and that teams that have successfully implemented a mature DevOps model see significant improvements in their workflow. For example, developers who work in organizations with immature DevOps models believe that their processes hinder them, while those who work with mature models are almost 1.5 times more likely to feel innovative and 3 times more likely to detect security vulnerabilities earlier in the pipeline.

In addition, very poorly performing DevOps leaves organizations 2.5 times more likely to experience the most delays during the planning phase and 2.6 times more likely to encounter bureaucracy that slows down efforts to quickly deal with vulnerabilities. One last finding of GitLab's annual survey is that remote teams outperform in-office teams. Remote practices often lead to greater collaboration, better documentation and transparency, and ultimately more mature security practices than in office teams. In fact, the results show that developers in a mostly remote environment are 23% more likely to better understand what their colleagues are working on, and appreciate the maturity of their company's security practices 29% faster than those working in a traditional office environment.

The study also suggests that distributed teams are more likely to identify and document their work than office teams, and that professionals in the agricultural sector are more than 2.5 times more likely to get noticeable work to help developers with their colleagues in the office. Progress has been made in implementing DevOps, but much remains to be done to streamline cooperation between security teams, development teams and operational teams. In conclusion, survey respondents have shown that the main mission of all software specialists today is to improve the software life cycle.

In other words, everyone wants more secure code, increased visibility, reduced cycle times and continuous deployment, but how do teams get there? Based on the results of the study, a well-developed DevOps methodology can significantly help to achieve these different goals. DevOps itself, however, can sometimes be difficult to implement, which creates other difficulties.

Source: GitLab
