GitLab Survey Reveals DevSecOps Gains

A global survey of 5,010 IT leaders, CISOs and developers published by GitLab this week found well over half (56%) of respondents work for organizations that are using DevOps or DevSecOps practices. However, 72% of respondents said they’re using a DevSecOps platform (36%) or are considering adopting one within the next 12 months (36%).

Overall, less than a third of survey respondents (30%) said they were “fully” responsible for application security, with 53% reporting they’re part of a larger application security team. Well over a third (38%) of the 1,453 security professionals surveyed said they’re part of a cross-functional team focused on security.

License compliance checks and security capabilities for cloud-native or serverless tied for the top of the list of current priorities (19%), but shifting security left (29%) was the top focus for the coming 12 months. Nearly three-quarters (74%) of security professionals said their organizations either shifted left or plan to within the next three years. Nearly as many (71%) said a quarter or more of all security vulnerabilities were found by developers.

Top frustrations identified specifically by security professionals included testing happening too late in the development cycle (43%) and difficulty prioritizing vulnerability remediation (41%).

These frustrations might increase in the coming 12 months, with 85% of security professionals reporting they either have the same or a lower budget in 2023.

On the plus side, nearly two-thirds of the 1,954 developers surveyed said they’re either using artificial intelligence (AI) and machine learning (ML) algorithms in testing today or will be within the next three years. A full 62% said they used AI/ML to check code, while 53% use bots for testing and 36% use AI/ML for code review.

However, more than two-thirds of security professionals (67%) said they’re concerned about the impact of AI/ML capabilities on their job, with 28% of them admitting they’re “very” or “extremely” concerned. Of those respondents who expressed concern, 25% said they’re worried about the potential for AI/ML to introduce errors that would make their job more difficult.

David DeSanto, chief product officer at GitLab, said GitLab is also working to address these concerns by embedding a range of AI/ML capabilities into its platform to optimize DevSecOps workflows and, most recently, enhanced its GitLab Remote Development module to make it easier to centralize the maintenance and security of development environments.

GitLab this week also announced it’s partnering with Oracle to make it easier to use the GitLab continuous integration/continuous delivery (CI/CD) platform to run AI and ML workloads on the Oracle cloud platforms. AI/ML is going to play a critical role in enabling organizations to build and deploy secure code without slowing down the pace of application development, said DeSanto. In fact, many organizations will soon be consolidating toolchains to enable them to achieve that goal, he added.

The GitLab survey found 57% of security respondents said they use six or more tools, but many of those tools are legacy software composition analysis (SCA) tools that will be replaced as more responsibility for application security shifts left toward developers, noted DeSanto. Two-thirds of survey respondents (66%) reported they want to consolidate their toolchains this year.

Collectively, the GitLab survey makes it clear that DevOps and DevSecOps practices and platforms continue to evolve rapidly. The challenge, as always, is keeping up with the pace of that change.