Prioritizing security in the software development process, report finds


According to a GitLab DevSecOps report released on Thursday, security is a priority for DevSecOps, as part of the process is shifting to developers and technology.

For example, there was an increase in developer-led security. According to the report, 71% of respondents said their vulnerabilities are being handled by developers.

“I think this is a sign to me that developers in security organizations are becoming more comfortable running in teams, rather than waiting until the end to find and fix problems in the development process, and then doing what people traditionally do,” Bob Stevens, GitLab’s vice president of public sector, told Next Gov. “So security teams for me [are] embracing existing tools and starting to rely more on them to ensure code is developed securely.”

Despite the need for better digital practices and improved security, the report found that 75% of public sector respondents are deploying software at the same pace or slower than last year. In the 2022 report, this was 59% of respondents.

“I’m surprised the number is so high, especially with the tools out there today, but maybe I shouldn’t be surprised,” Stevens said. “But I can tell you that there are many agencies that are stuck in the waterfall and haven’t transitioned to agile development and are still stuck in the oven and struggling to figure out how to get out of this situation. It is a cultural change.”

However, Stevens said that for the business sector this is only 40%. “It shows that the government is falling behind in terms of transitioning to new development tools and building software factories and deploying platforms.”

Meanwhile, more than 50% of government respondents report evaluating or purchasing a DevSecOps platform in the next one to three years.

However, the report found that 44% of public sector respondents use more than six devices and some use more than 15 devices.

“The more tools you use, the more opportunity there is for vulnerabilities or poorly written code,” he added. “Also, you slow things down because you can write things in the stovepipe, and then you try to merge all those pipes together and finally, oh, by the way, when you do that, they usually don’t work very well. So when you have a lot of equipment, you slow things down. Cost is another thing.”

Moreover, 59% of government and defense or aerospace respondents are looking to strengthen the number of devices they use.

According to Stevens, this will help “reduce complexity, increase mission speed, reduce cost,” which includes equipment and training costs. It also makes remote work more efficient, he said.

Meanwhile, the report notes that artificial intelligence and machine learning are also important to DevSecOps. Developers who used a DevSecOps platform were more likely to use automation and AI or ML for testing purposes than those who did not use the platform. Specifically, 65% of developers say they are using AI or ML for testing or will be in the next three years. Additionally, 62% of developers who use AI or ML use it to test code, an increase from the 2022 report, where only 51% of developers used it for this purpose, and 53% of developers using AI or ML use bots for testing, up from 39% in 2022.

“I think this is to help with mission speed,” Stevens said. “If you don’t have to reinvent the wheel and can rely on AI or machine learning to do something, or if you can help with something common in development, you can save time and make sure it’s secure. Both right, you achieve efficiency and safety. So, I think we’ll see more use of AI, especially in software development because it just has a place that makes sense. Being able to write code makes everyone’s life easier.”

GitLab surveyed more than 5,000 IT and software professionals, including government sector professionals, in March 2023 for this report.
