DevSecOps professionals are under immense pressure to deliver, leading many of them to consider quitting their posts, a new report suggests.
A paper issued by Invicti Security, based on a poll of 600 executives and practitioners across security, development and DevOps, states that four in five (78 percent) dev and sec respondents have suffered increased stress levels this year, with 73 percent considering resigning as a result.
Popular opinion has it that dev and sec staff can’t stand each other and that makes them stressed, but the reality is somewhat different. Just 17 percent of the respondents classified their relationship as “frenemies”, while 7 percent said they were strangers. The vast majority (76 percent) actually believe both sides have a “shared passion” for security and work as one team that often collaborates to address security issues.
If that’s not the case, what’s causing the burnout problem? According to Invicti, seven in ten almost always complete projects without carrying out all security steps because they simply can’t find the time. Furthermore, integration of security into the software development life cycle (SDLC) is lacking, as a fifth (20 percent) reported having fully shifted left and right, while a third were left in the “messy middle”.
Then, there are underpowered tools and manual processes that hurt overall efficiency. These tools often generate false positive alerts, which create friction between dev and sec.
“While there is a growing recognition that security must be a core element of innovation, organizations continue to struggle to achieve that vision,” said Mark Ralls, President & COO of Invicti.
“It’s on leaders to set the tone from the top down and drive culture shifts that increase emphasis on security while equipping teams with the powerful tools and workflows they need to make secure innovation a reality.”