According to the GitLab DevSecOps report released Thursday, security continues to be a DevSecOps priority, increasingly looking to developers and technology as part of the process.
For example, developer-driven security has increased. According to the report, 71% of his respondents said the vulnerabilities were discovered by developers.
“This, I think, is that security organizations have become accustomed to developers waiting until the end and then finding and fixing vulnerabilities during the development process, as traditional people did. We spend months generating a number of tools, reports, and fixing everything in those reports,” said Bob Stevens, GitLab’s vice president of public sector. I’m here. next government“So, for me, security groups are [are] We are adopting the tools that exist and relying more and more on tools that can ensure that our code is being developed safely. ”
Despite the need for better digital experiences and improved security, the report found that 75% of public sector respondents reported deploying software at the same or slower pace than last year. increase. In the 2022 report, this was 59% of respondents.
“I’m surprised, but perhaps not surprised, that there are so many, especially with the tools that exist today,” says Stevens. “But there are still many agencies that are stuck in the waterfall and have not moved to agile development. They are still very overheated and struggling to find a way out of that scenario . It’s a change, and that’s exactly what it is.”
In the commercial sector, however, Stevens notes that this is only 40%, “showing that governments are lagging behind when it comes to moving to new development tools, building software factories, and deploying platforms.” said.
Meanwhile, more than 50% of government respondents report evaluating or purchasing a DevSecOps platform in the next 1-3 years.
However, according to the report, 44% of public sector respondents use 6 or more tools, with some using 15 or more tools.
“The more tools we use, the more opportunities there are for vulnerabilities and bad code to be created,” he added. “It also slows things down because things can be written in the pipes of the stove. And then you end up trying to merge all those pipes together. Btw, when you do that they usually don’t work So having too many tools slows things down.Cost is another matter.”
Additionally, 59% of respondents in government and defense or aerospace are looking to consolidate the number of tools they use.
According to Stevens, this will help “reduce complexity, increase mission speed, and reduce costs.” This includes tooling and training costs. He also added that remote work will become more feasible.
Meanwhile, the report notes that artificial intelligence and machine learning are also important to DevSecOps. Specifically, developers with DevSecOps platforms were more likely to utilize automation and his AI or ML for testing purposes than developers without platforms. Notably, 65% of his developers said he uses AI or ML for testing or plans to use it within the next three years. In addition, 62% of developers using AI or ML use it for code checking and for this purpose only 51% of developers using AI or ML said he Increased from the 2022 report. Additionally, 53% of developers using AI or ML use bots for testing, up from 39% in 2022.
“I think this is to help speed up the mission,” Stevens said. “When you don’t have to reinvent the wheel and you can use AI and machine learning to do something or help with common things in development, you can save time and stay safe. Both intend to achieve efficiency and security, so I think we will see more and more use of AI, especially in software development, because there are aspects of AI that make sense. It just makes life so much easier for everyone.”
GitLab surveyed over 5,000 IT and software professionals, including public sector professionals, in March 2023 for this report.
