
Automation has a key role to play in secure software development

75% of participants reported that manual security and compliance processes slow down code release, impacting time to market and competitiveness.

Security Compass has published the results of a new report, “The 2021 State of DevSecOps”. The study was designed to gather insights into different approaches and views on DevSecOps with a focus on large enterprises (US$1B+ in annual revenue) where security threats are gravest. Areas of focus for the study included overall understanding and experience in DevSecOps, its adoption maturity, challenges, time and budget invested, program comprehensiveness, and more.


The single most important driver of DevSecOps programs found in the study was improving the security, quality, and resilience of software. Bringing technology to market faster was the second most important driver, while cost reduction was the least important. The report also reveals how perceptions toward security and compliance evolve as organizations reach maturity in their DevSecOps programs. Viewpoints from CEOs to frontline practitioners, including all levels in between, are compared and contrasted throughout the report.

Key Findings Include:

Insufficient automation in software development is the number one cause of delays in product releases

○ 75% of respondents reported that manual security and compliance processes slow down code release, ultimately delaying time to market and affecting competitiveness. DevSecOps personnel also pointed to technical challenges, organizational silos, and insufficient automation as the chief reasons why security and compliance processes slow down time to market.

○ 96% of respondents agreed that they would benefit from the automation of security and compliance processes.

Technical challenges are the main roadblock to initial DevSecOps adoption

○ 60% of those tasked with getting product built found technical challenges to be the main hurdle to DevSecOps adoption. Cost, insufficient time, and lack of education are additional challenges noted.

○ The majority of respondents (73%) reported their organizations follow “by design” (i.e., proactive) principles for cyber/information security and regulatory compliance.

○ Executives, especially risk executives, within large enterprises that adopt DevSecOps across the majority of their applications express confidence in their ability to meet regulatory compliance and risk management needs.


“When we set out to conduct this study, we were eager to better understand the state of DevSecOps adoption; and the results paint a clear picture that manual security processes are a roadblock to timely product releases and impact a company’s competitiveness,” said Rohit Sethi, CEO, Security Compass. “We are hopeful that this study will raise awareness of the ways automation can solve significant challenges in secure application development and look forward to publishing more studies throughout 2021 to support companies in their DevSecOps journey.”
