The DevSecOps adoption dilemma

GitLab survey finds organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training.

  • 2 months ago Posted in

GitLab has published its 9th Global DevSecOps Report: The State of AI in Software Development. GitLab surveyed more than 1,000 global senior technology executives, developers, and security and operations professionals on their successes, challenges, and priorities for AI adoption.


“The transformational opportunity with AI goes way beyond creating code,” said David DeSanto, chief product officer, GitLab. “According to the GitLab Global DevSecOps Report, only 25% of developers' time is spent on code generation, but the data shows AI can boost productivity and collaboration in nearly 60% of developers’ day-to-day work. To realize AI’s full potential, it needs to be embedded across the software development lifecycle, allowing everyone involved in delivering secure software, not just developers, to benefit from the efficiency boost. GitLab’s AI-powered DevSecOps platform delivers a privacy-first, single application to help teams deliver secure software faster.” 


Key takeaways of the report are:


Data privacy, intellectual property, and security are top concerns

Although organizations are enthusiastic about implementing AI, data privacy and intellectual property are key priorities when adopting new tools.

●      95% of senior technology executives said they prioritize privacy and protection of intellectual property when selecting an AI tool

●      32% of respondents were "very" or "extremely" concerned about introducing AI into the software development lifecycle; of those:

○      39% cited they are concerned that AI-generated code may introduce security vulnerabilities and 48% said they are concerned that AI-generated code may not be subject to the same copyright protection as human-generated code


Increased developer productivity may widen the existing divide between developers and security professionals

Security professionals worry that AI-generated code could result in more security vulnerabilities—making more work for security professionals.

●      Only 7% of developers’ time is spent identifying and mitigating security vulnerabilities and 11% is spent on testing code

●      48% of developers were significantly more likely to identify faster cycle times as a benefit of AI, compared to 38% of security professionals

●      51% of all respondents are already seeing productivity as a key benefit of AI implementation


Insufficient training and resources causing widening AI skills gap

While respondents remain optimistic about their company’s use of AI, the data indicates a discrepancy between organizations’ and practitioners’ satisfaction with AI training resources. Despite 75% of respondents saying their organization provides training and resources for using AI, a roughly equal proportion also said they are finding resources on their own, suggesting that the available resources and training may be insufficient.

●      81% cited they require training to successfully use AI in their daily work

●      65% who use, or are planning to use, AI for software development said their organization hired or will hire new talent to manage AI implementation

●      When asked what types of resources are being used to build AI skills, the top responses were:

○      49% utilize books, articles, and online videos, 49% watch educational courses, 47% practice with open-source projects, and 47% learn from peers and mentors


“Enterprises are seeking out platforms that allow them to harness the power of AI, while addressing potential privacy and security risks,” said Alexander Johnston, Research Analyst in the Data, AI & Analytics channel at 451 Research, a part of S&P Global Market Intelligence. “There is industry demand for privacy-first, sustainably adopted AI.”

New business metrics for Cisco Cloud Observability enable customers to significantly enhance critical business context when observing the end-to-end flow of modern applications.  
Transformational technologies, including AI-augmented software engineering (AIASE), AI coding assistants and platform engineering, will reach mainstream adoption in 2-5 years, according to the Gartner, Inc. Hype Cycle for Software Engineering, 2023.
New Innovation Factory to speed design and development of cloud, data, AI and generative AI projects.
Although most remain “unsure how it actually works”, 40% of C-level executives are planning to use AI and the advantages that can be gained through Generative AI (Gen AI) such as ChatGPT to cover critical skills shortages, according to new research by Kaspersky.
Civo has published the results of its research into the challenges faced by Machine Learning (ML) developers in their roles. With more businesses deploying ML, the research highlights the current hurdles faced and the high rate of project failure.
Now Assist in Virtual Agent, flow generation, and Now Assist for Field Service Management are the latest in powerful GenAI solutions to be embedded into the ServiceNow Platform.
Report unveils AI adoption rates for 2024 along with other tech and customer experience predictions.
New innovations in cloud threat detection give SOC teams the edge to pinpoint suspicious activity across their attack surface.