Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now
GitLab Inc.’s Sixth Annual Global DevSecOps Survey found that cybersecurity is the top priority and investment area for devops teams this year, but most organizations aren’t actually investing more money into their security programs. Only 10% of respondents report receiving additional budget for security — surprising after a year of increased cyberthreats.
Another source of tension: Developer and security professionals remain at odds over ownership of security and vulnerability identification. Half of security professionals report that developers are failing to identify cybersecurity issues -– attributing 75% of vulnerabilities to developers.
Meanwhile, 70% of teams release code continuously, once a day, or every few days, and the seemingly conflicting goals of delivery speed and security exacerbate the difficulty security and developer teams face when collaborating.
The right tools vs. all the tools
As such, it is unsurprising that cybersecurity is now the number one area of investment -– even over cloud computing. But in order for developers to focus on identifying security issues, they need the right tools. And according to the survey, the current toolchain sprawl is not helping.
AI Scaling Hits Its Limits
Power caps, rising token costs, and inference delays are reshaping enterprise AI. Join our exclusive salon to discover how top teams are:
- Turning energy into a strategic advantage
- Architecting efficient inference for real throughput gains
- Unlocking competitive ROI with sustainable AI systems
Secure your spot to stay ahead: https://bit.ly/4mwGngO
Currently, 40% of developers spend between one quarter and one half of their time maintaining or integrating complex toolchains, which is more than double the percentage in 2021. That large of an increase over just one year is notable, indicating a growing problem for developers.
Toolchain consolidation significantly reduces the time developers need to spend maintaining their tools, meaning they can focus more time on identifying security issues and increasing transparency with their security teams. Similarly, having fewer tools protects against supply chain risks and means fewer vendor risk assessments, threat models, and potentially vulnerable third-party libraries and components, plus a reduced landscape of penetration tests and security scans.
A single platform makes shifting left easier for developers and security professionals alike while providing the investment in security needed to protect against the ever-changing threat landscape.
Methodology
The survey, conducted in May 2022, consisted of 5,001 respondents, including developers, operations and cybersecurity practitioners and organizational leaders worldwide. The margin of error for the total sample (n=5001) is 1.4%.
Read the full report from GitLab.
