Highly mature DevOps organizations that are able to integrate security functions into all stages of development are providing their developers with more self-service tooling and, consequently, they're fixing vulnerabilities faster as a result. So says the "2020 State of DevOps Report," which shows security maturity has slowly but surely improved across DevOps organizations this year.
The report is based on one of the longest running and comprehensive annual surveys of DevOps practitioners, this year querying 2,400 professionals from a range of development, IT, and information security roles within their organizations. A big theme this year is the role that self-service tools plays in DevOps success — not just for security, but also to enable engineering teams with self-service functions to provision systems, manage configurations, track performance, and tap into software component libraries.
The report shows the highest maturity organizations take an internal platform approach to deliver these self-service capabilities, often managed by a platform team who scales platforms to support the work of a mesh of different development teams and applications projects across an organization.
"Broadly speaking, the platform team provides the infrastructure, environments, deployment pipelines, and other internal services that enable internal customers — usually application development teams — to build, deploy and run their applications," the report explains.
The survey shows 63% of organizations today use internal platforms, with about 71% of those using between two to five different internal platforms. Approximately four in 10 organizations say 50% or more of their developers now use internal platforms.
