DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DataOps
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • DevOps Unbound
  • Webinars
    • Upcoming
    • Calendar View
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • Calendar View
    • On-Demand Events
  • Sponsored Content
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
  • Media Kit
  • About
  • Sponsor
  • AI
  • Cloud
  • CI/CD
  • Continuous Testing
  • DataOps
  • DevSecOps
  • DevOps Onramp
  • Platform Engineering
  • Sustainability
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps
    • ROELBOB
Hot Topics
  • Linux Foundation Europe to Host RISE Open Source Project
  • I Guess This is Growing Up: Devs and CISA’s Secure-by-Design Guidelines
  • Forget Change, Embrace Stability
  • Finding Your Passion
  • State of Software Security Report 2023 - Chris Eng, Veracode

Home » Latest News Releases » 90% of DevOps and IT Professionals Believe AppSec Responsibility Will be Shared by DevOps and Security Within Three Years

90% of DevOps and IT Professionals Believe AppSec Responsibility Will be Shared by DevOps and Security Within Three Years

By: Veronica Haggar on May 19, 2021 Leave a Comment

New ZeroNorth Research Highlights the Current State of AppSec and the Journey to DevSecOps

Recent Posts By Veronica Haggar
  • Neven Dilkov: Bulgarian Regulator Must Restore the Telecom Market Balance
  • SASE Continues to Roll with Revenue up 34 Percent to Top $6 Billion in 2022, According to Dell’Oro Group
  • ConnectALL Expands Betty Knight ConnectALL Scholarship Effort with Second Award
More from Veronica Haggar
Related Posts
  • 90% of DevOps and IT Professionals Believe AppSec Responsibility Will be Shared by DevOps and Security Within Three Years
  • ZeroNorth Adds Analytics App to Advance DevSecOps
  • Survey Finds Security Champions Fostering DevSecOps
    Related Categories
  • Latest News Releases
    Related Topics
  • ZeroNorth
Show more
Show less

Boston, MA, May 19, 2021 – At DevSecOps Days of the RSA Conference 2021, ZeroNorth, the only company to unite security, DevOps and the business for the good of software, today released a new research report: “The Journey to True DevSecOps,” with survey results from 250 global security, DevOps and IT professionals. The study shows that while the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold.

TechStrong Con 2023Sponsorships Available

The study highlights how roles, responsibilities, and ownership of application security (AppSec) must be clearly defined as part of a DevSecOps governance model, something lacking in today’s environment. Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.

“We are at an inflection point where software security has become the foundation for enterprise security,” said John Worrall, CEO at ZeroNorth. “The push toward true DevSecOps will strengthen security and improve the products that DevOps deliver. That said, our study shows progress needs to be made on many fronts – most notably DevSecOps governance, process, and culture – for companies to see this promise materialize.”

Security Governance Takes Center Stage

Key to the topic of governance is the notion of responsibility. While the question of “Will DevOps own AppSec?” remains up for grabs, the study demonstrates how a shared responsibility model for AppSec is likely to emerge. In fact, 90% of participants said it is, indeed, likely that responsibility will be shared across DevOps and Security teams in the next three years.

While AppSec has historically centered on tooling, DevOps has been built with process and governance, enabled through automation and orchestration. As AppSec and DevOps come together into DevSecOps, discrepancies become clear. For example, while 58% of companies developing more than 31 applications annually say their continuous integration / continuous deployment (CI/CD) processes have been fully automated, only 17% of respondents say they have a fully automated development process that includes security.

Among the key findings from the research:

  • Automation and Orchestration are enabling DevSecOps: 91% of respondents agree or strongly agree that integrating AppSec tools into DevOps pipelines through automation will be critical to the success of DevSecOps; 88% believe orchestration of tools within CI/CD pipelines will be required.
  • Adjusting the Security Mindset: DevSecOps requires a culture change across Security and DevOps – and 73% of participants agree Security must rethink the way it partners with Development for DevSecOps to succeed.
  • Enabling Security in the Journey to DevSecOps: The survey also demonstrates key things Security must understand about DevOps, including the SDLC, tools and technical benefits. But there are actions Dev teams can take to support this journey. For example, 59% of respondents said Dev could promote DevOps best practices; 50% said Dev should include Security in DevOps planning sessions, and 46% said Dev should assign a DevOps Champion to the Security organization.

Other topics explored in the research:

  • Challenges and benefits of DevSecOps
  • The role of leadership in the journey to DevSecOps
  • Impact of DevOps on organizations’ risk posture

The full research report may be found at http://go.zeronorth.io/TrueDevSecOps.

About ZeroNorth

ZeroNorth brings security, DevOps and the business together to improve application security performance and reduce organizational risk. The company’s DevSecOps platform enables organizations to automate and orchestrate key components of their application security program, and to rapidly identify, prioritize and remove the vulnerabilities standing in the way of software excellence. In an age where the security of applications needs to be everyone’s responsibility, ZeroNorth is where organizations come together for the good of software. Learn more at www.zeronorth.io

Filed Under: Latest News Releases Tagged With: ZeroNorth

« Akamai Security Research: Financial Services Continues Getting Bombarded with Credential Stuffing and Web Application Attacks
Cynerio Raises $30 Million in Series B Funding to Secure Mission-Critical Medical and IoT Devices in Hospitals and Health Systems »

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

App-Solutely Necessary: Why Modernizing Your Apps Is A Must Hosted By The Cloudbusting Podcast Team
Thursday, June 1, 2023 - 11:00 am EDT
Confident Cloud Migrations: How A Top 5 Bank Ensured Reliability With AWS And Gremlin
Thursday, June 1, 2023 - 1:00 pm EDT
Securing Your Software Supply Chain with JFrog and AWS
Tuesday, June 6, 2023 - 1:00 pm EDT

GET THE TOP STORIES OF THE WEEK

Sponsored Content

PlatformCon 2023: This Year’s Hottest Platform Engineering Event

May 30, 2023 | Karolina Junčytė

The Google Cloud DevOps Awards: Apply Now!

January 10, 2023 | Brenna Washington

Codenotary Extends Dynamic SBOM Reach to Serverless Computing Platforms

December 9, 2022 | Mike Vizard

Why a Low-Code Platform Should Have Pro-Code Capabilities

March 24, 2021 | Andrew Manby

AWS Well-Architected Framework Elevates Agility

December 17, 2020 | JT Giri

Latest from DevOps.com

Linux Foundation Europe to Host RISE Open Source Project
May 31, 2023 | Mike Vizard
I Guess This is Growing Up: Devs and CISA’s Secure-by-Design Guidelines
May 31, 2023 | Pieter Danhieux
Forget Change, Embrace Stability
May 31, 2023 | Don Macvittie
What Is a Cloud Operations Engineer?
May 30, 2023 | Gilad David Maayan
Five Great DevOps Job Opportunities
May 30, 2023 | Mike Vizard

TSTV Podcast

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays

Most Read on DevOps.com

CDF Marries Emporous Repository to Ortelius Management Platform
May 26, 2023 | Mike Vizard
Microsoft Adds Slew of Developer Tools to Azure
May 24, 2023 | Mike Vizard
US DoJ Makes PyPI Give Up User Data ¦ Tape Storage: Not Dead
May 25, 2023 | Richi Jennings
Is Your Monitoring Strategy Scalable?
May 26, 2023 | Yoni Farin
The Metrics Disconnect Between Developers and IT Leaders
May 25, 2023 | Mike Vizard
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2023 ·Techstrong Group, Inc.All rights reserved.