A new DevSecOps survey by GitLab shows that 65% of developers are using or plan to use artificial intelligence and machine learning in their code testing efforts within the next three years, highlighting the potential for automating the software development process. shows a significant shift.
GitLab’s 7th annual global DevSecOps report surveyed over 5,000 IT leaders, CISOs and developers across the financial services, automotive, healthcare, telecommunications and technology industries. Conducted in March 2023 by market research firm Savanta, the purpose of this study was to understand the successes, challenges, and priorities of DevSecOps implementations.
Jump to:
Growing reliance on AI and ML
One of the main findings of the GitLab report was the fact that the adoption of AI/ML in software development and security workflows continues to accelerate. 62% of software developers are using AI/ML to check their code, up from 51% in 2022. They use bots in their testing process, compared to 39% last year.
According to a GitLab report, organizations have already started building security into their software development lifecycles, and AI/ML is playing a key role in identifying vulnerabilities in their code. The study found that developers who used DevSecOps platforms were more likely to implement automation and her AI/ML for testing than those who didn’t.
Challenges for developers and security professionals
Toolchain complexity
Developers and security professionals continue to face challenges in using the various tools and applications they are expected to use as part of their role. Toolchain management is an important issue, especially for security professionals.
GitLab found that 57% of security respondents reported using six or more tools, compared to 48% of developers and 50% of operations professionals.
Not only that, but it looks like the toolchain for security professionals is expanding as well. In GitLab’s 2022 Global DevSecOps Report, 54% of security respondents said they used 2-5 tools in their workflow, and 35% reported that they used 6-10 of his tools. bottom. In 2023, those figures were 42% and 43% respectively.
Consistent security monitoring
Not surprisingly, having too many tools that security professionals are expected to use makes it more difficult to maintain consistent monitoring, with 26% of security professionals perceiving this as a problem. Similarly, 26% of her security respondents reported difficulty deriving cohesive insights from all integrated tools, and two-thirds (66%) said they would like to integrate their toolchains. rice field.
The survey showed a growing awareness of security as a shared responsibility among DevSecOps teams. 71% of his security professionals surveyed report that developers see more than a quarter of all security vulnerabilities for him, up from 53% in 2022. increase.
Flow of “shift left”
The report highlights a shift to cross-functional collaboration, with 38% of security professionals reporting being part of a security-focused team, compared to 29% in 2022. increase.
According to GitLab, this trend reflects the industry’s move to incorporate security earlier in the software development lifecycle, known as “shifting left.” This approach allows development, security, and operations teams to work together more effectively instead of operating in silos.
With 85% of security respondents reporting budgets that are the same or lower than 2022, tech teams need more budgets than ever before.
look: Why Shifting Left is at the Top of the DevSecOps Agenda
In a press release for the report, David DeSanto, Chief Product Officer at GitLab, said that DevSecOps tools and methodologies enable organizations to consolidate their toolchains, reduce costs, and ultimately free up development teams for missions. By focusing on critical responsibilities, security and efficiency can be improved, he said. and innovative solutions.
“Organizations around the world are looking for ways to do more with less. I mean,” said DeSanto.
“GitLab research shows that DevSecOps tools and methodologies enable leaders to better secure and integrate disjointed and fragmented toolchains, reduce spending, while freeing development teams from mission-critical responsibilities and We can spend more time on innovative solutions.”
look: Security teams aren’t the only ones struggling to do more with less.
The Most Important Skills for Security Professionals
As AI and ML become an integral part of the software development lifecycle, organizations must ensure their security teams have the right skills and tools to take full advantage of new technologies. But GitLab found that AI and ML are competing with other high-impact areas as security professionals change their professional goals.
look: Learn about different DevOps careers and career paths
In 2022, security professionals identified AI/ML as the most important skill to advance their careers. This is more important than both developers and operations professionals.
This year, nearly a quarter (23%) of security professionals chose AI/ML as their top skill, compared to soft skills (31%), subject matter expertise (30%), metrics and quantification. focused more on strategic insights (27%). — This suggests that professionals recognize the need for a broad skill set to navigate modern security challenges.
Concerns about the impact of AI/ML on jobs
There is some resistance to the accelerated adoption of AI and ML in the software development cycle, and leaders should navigate carefully.
As in other industries, a GitLab survey found that technical professionals are concerned about what AI/ML means for their jobs. 28% say they are ‘very’ or ‘extremely’ concerned.
Twenty-five percent of those who expressed concern said they were worried AI/ML would cause errors and make their jobs more difficult. On the other hand, 29% worry that his AI/ML will reduce the number of available jobs, and 23% worry that his AI/ML will make their skills obsolete. expressed.
How Leaders Empower DevSecOps
Invest in AI/ML training and tools
Organizations should prioritize equipping security teams with the skills and tools they need to effectively leverage AI and ML in their software development and security workflows, maximize the benefits of automation, and improve efficiency. .
Facilitate cross-functional collaboration
It encourages a shift-left approach by fostering collaboration between development, security, and operations teams, resulting in a more streamlined and efficient software development lifecycle that builds security in from the ground up.
Toolchain integration and streamlining
Security professionals use multiple tools, adding complexity. Focus on toolchain integration and simplification to improve efficiency, reduce friction and cost, and free security teams to focus on their core responsibilities.
