Security Teams Often Struggle to Get Developers on Board: GitLab Study

A GitLab study based on responses from over 4,000 software professionals shows a disconnect between developer and security teams, and suggests that good DevOps can be the solution to security problems.


Nearly 70% of developers say they are aware that they are expected to write secure code, but 49% of the security professionals (mostly represented by CIOs and CTOs) say it’s a struggle to get developers to make vulnerability remediation a priority, the survey shows.


Roughly half of security professionals say flaws are most often found by them only after code has been merged into a test environment, and 68% of them feel that less than half of developers are able to identify vulnerabilities at that later stage of the lifecycle, GitLab reported.


The security team of an organization with an established DevOps program is three times more likely to discover vulnerabilities before code is merged, and 90% more likely to test 91-100% of its code, than the team of an organization whose DevOps program is still in its early stages.


“Our research tells us that while most developers are aware of the dangers that vulnerabilities present and want to dramatically improve their security capabilities, they often still lack organizational support for prioritizing secure code creation, increasing secure coding skills, and implementing automated scanning and testing tooling to make that happen sooner rather than later,” said Colin Fletcher, manager of Market Research and Customer Insights at GitLab.


Interestingly, the study found that teams working mostly remotely are 23% more likely to have mature security practices compared to teams that mostly work from offices.


According to the survey, the most widely used application security methods are dependency scanning (56%), cloud ..
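As an added example, not taken from the GitLab study or from the article, this is the kind of pipeline configuration that moves dependency and static scanning ahead of the merge, as the mature-DevOps teams described above do: a `.gitlab-ci.yml` that includes GitLab's own Dependency Scanning, SAST and Secret Detection templates so the scanners run on every push and every merge request rather than after the code has already landed in a test environment. The template names and the `SAST_EXCLUDED_PATHS` variable are GitLab's; the stage layout and the exclusion list are assumptions chosen for illustration.

```yaml
# .gitlab-ci.yml (added example; stage names and exclusions are assumptions)
stages:
  - build
  - test

# GitLab's managed scanner templates. Each one adds jobs to the "test"
# stage and, by default, runs on branch pipelines and merge request
# pipelines, so findings surface before the merge rather than after it.
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

variables:
  # Keep test fixtures and vendored samples out of the static analysis
  # so the report reflects the code that actually ships (assumed list).
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"

build:
  stage: build
  script:
    - echo "build step placeholder; the scanner jobs run in the next stage"
```

The scanner jobs produce security report artifacts on any tier; the merge request widget that shows new findings inline, and lets a reviewer block the merge on them, requires a GitLab Ultimate licence. Either way, the point of wiring the templates in is the one the survey makes: the vulnerability is found while the developer still has the change open, not by the security team weeks later.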
