DevOps embracing security measures to build safer software


DevOps isn’t just transforming how developers and operations work together to deliver better software faster, it is also changing how developers view application security. A recent survey from software automation and security company Sonatype found that DevOps teams are increasingly adopting security automation to create better and safer software.

It’s no secret that traditional development and operations teams view security controls as slow and cumbersome, and often look for ways to bypass the requirements in their rush to get software out the door. However, only 28 percent of respondents from organizations with mature DevOps practices felt that security requirements slowed down software development, Sonatype found in its 2017 DevSecOps Community Survey. In fact, 84 percent of respondents from mature DevOps organizations viewed application security as a safety measure, not an inhibitor to innovation.

“DevOps is not an excuse to do application security poorly; it is an opportunity to do application security better than ever,” said Wayne Jackson, CEO of Sonatype.

While just under a quarter of the respondents to the online survey—which include developers, DevOps teams, IT managers, team leads, architects, and build and operations engineers—considered security as a top development concern, that figure jumped to 38 percent among respondents who worked at organizations with a mature DevOps culture. Those respondents said their developers spend a lot of time on security.