Application breaches jump 50pc as DevOps security bites

A new survey from Sonatype has revealed that DevOps teams are automating security 338 per cent more often as open source breaches jump by 55 per cent. 

The firm published the findings from its 5th annual DevSecOps Community Survey of 2,076 IT professionals, which shared practitioner perspectives on evolving DevSecOps practices, shifting investments and changing perceptions.

Following another year of record breaches, Sonatype found that three in 10 organisations either suspected or had verified breaches stemming from vulnerabilities in open source components. These vulnerabilities increased by 55 per cent when compared to 2017 and there was a 121 per cent increase since 2014.

When it came to DevSecOps transformations, the survey found that investments in open source governance (44%), container security (56%) and web application firewalls (58%) were considered the most critical by respondents. 

Sonatype's CEO, Wayne Jackson, explained how high-profile breaches have led to organisations investing more in DevSecOps, saying:

“As application breaches tied to open source components jumped more than 50% year over year, those investing in DevSecOps showed 85% higher levels of cyber readiness, compared to those who aren’t. It’s evident that recent high profile breaches have heightened investments in DevSecOps. The survey also revealed strong investments from organizations striving to stay ahead of May 2018’s ‘secure by design’ requirement stipulated within the EU’s General Data Protection Regulation (GDPR).”

The survey also found that 59 per cent of mature DevOps organisations are building more security automation into their development process in order to comply with GDPR. Additionally, 88 per cent of organisations with mature DevOps practices are investing in application security training, while 35 per cent with immature practices said they had no access to security training. This highlights the fact that businesses investing in DevOps tend to have stronger cybersecurity readiness than those who don't.
