DevOps Culture

2020 DevSecOps Community Survey: Of 5,045 Developers, Guess How Many Are Happy?

We just released the seventh annual DevSecOps Community Survey. We captured the pulse of over 5,000 developers in 102 countries. What we learned about trends in DevSecOps will surprise you—especially the parts about how happiness influences company culture, software security and business competitiveness.

When we tallied up the results we quickly saw some interesting correlations. Organizations with mature DevSecOps practices innovate faster and produce more secure software. Why? It boils down to having happier developers. Developers in mature practices were 1.5x more likely to say they enjoyed their work. Mature DevSecOps practices are also 1.8x more likely to use automated security tools, which certainly makes developer’s lives easier.

Here are just a few interesting tidbits we discovered.

Happiness Influences Culture

“We’ve always known that DevSecOps is about culture. The 2020 DevSecOps Community Survey, for the first time, reveals clear and convincing empirical evidence that developers are happier and more productive when security is part of the digital transformation and DevOps journey,” said James Wickett, head of research at

Just like you can’t buy happiness, you can’t buy good culture. You have to cultivate it. Here’s what the survey showed:

  • Developers who received secure coding and programming opportunities are five times more likely to enjoy their work.
  • By contrast, only 19% of unhappy developers get similar training. Unhappy developers say they aren’t satisfied at work and are actively seeking other opportunities. You can see why they are grumpy cats.
  • Happy developers don’t feed off rumors—at least, not for security incidents. Instead, they focus on empirical evidence from better integrated tooling and security teams. Developers working in mature practices are 3.8x less likely to rely on a rumor.

Happiness Influences Security

“Mature DevOps practices are constantly testing, deploying and validating that software meets every requirement and allows for fast recovery in the event of a problem. As a result we can easily say, ‘DevSecOps is DevOps done right,’” said Hasan Yasar, technical director and adjunct faculty member at the Software Engineering Institute, Carnegie Mellon University.

Happy developers build more secure code. Here’s how they do it:

  • Mature DevOps practices are 1.7x more likely to have a complete SBOM (Software Bill of Materials), including dependencies. This makes finding and fixing open source components faster and easier.
  • Code quality? Check. Happy developers are 3.6x less likely to neglect security. This is because, with proper tools, they can focus their efforts on what is important.
  • Grumpy developers are 2.6x more likely to ignore a security warning compared to happier developers working in more mature DevSecOps practices.

Happiness Influences Business Outcomes

“We cannot achieve higher levels of DevOps maturity until we understand how tightly woven people are into the transformation process. More than anything, DevSecOps success is tied to human effort,” said Jayne Groll, CEO of DevOps Institute.

Businesses depend on secure code built by happy people. Look at these findings:

  • Happy developers are 1.4x more likely to follow their company’s open source governance policy. This is an important part of risk management. Ignoring policy and lessening software supply chain security can have catastrophic business implications.
  • Happy developers are 1.8x more likely to recommend their employer to peers and friends, a real boon for attracting and retaining talent in a competitive environment.
  • Happy developers are 1.7x more likely to get the job done. If productivity is the name of the game (and it often is) then businesses with mature DevSecOps teams outcompete the rest.

Download the full report here. Also, be sure to register for All Day DevOps | Spring Break on April 17th. I’ll be doing a session that goes over the report in depth and you won’t want to miss it.

DJ Schleen

DJ Schleen

DJ is a DevSecOps pioneer, advocate and security architect, and provides thought leadership to organizations adopting DevSecOps practices. DJ specializes in architecting DevSecOps pipelines and automating security controls in DevOps environments. DJ has worked to streamline development pipelines and practices for many startups and Fortune 100 organizations by focusing on culture, technique, the right technology, and the goals of business owners. He is an international speaker, blogger, instructor and author in the DevSecOps community and encourages organizations to deeply integrate a culture of security and trust into their core values and product development journey.

Recent Posts

GitHub Brings 2FA to JavaScript Package Manager

GitHub has made generally available a two-factor authentication tool for the package manager for JavaScript applications maintained by its NPM,…

2 hours ago

CREST Defines Quality Verification Standard for AppSec Testing

At the Black Hat USA 2022 conference, CREST today shared a quality assurance verification standard to improve application security testing.…

3 hours ago

IBM Unveils Simulation Tool for Attacking SCM Platforms

At the Black Hat USA 2022 conference, IBM today revealed it is making available a toolkit for launching simulated attacks…

7 hours ago

Tech Workers Struggle With Hybrid IT Complexity

Confidence levels among IT workers have plummeted as tech teams’ jobs have become more complex. The reasons behind IT worker…

7 hours ago

Open Standards Are Key For Realizing Observability

Observability has quickly become a major focus of enterprise DevOps. Yet tool sprawl and complexity can hold some observability initiatives…

8 hours ago

Cloud-Native: It’s One Thing

This Wednesday, August 10, 2022, starting at 9:00 a.m. ET, Techstrong Group is hosting an awesome virtual conference: CloudNativeDay. I…

23 hours ago