What is the biggest roadblock implementing DevSecOps practices?
Time and resources
50%
Technology stack is old
16%
Security isn't a priority
13%
Lack of executive buy-in
21%
What is the earliest stage you identify and remediate security issues?
Code (IDE, CLI, etc.)
43%
Commit (VCS)
11%
Build / Deploy (CI/CD)
29%
Running environment
17%
Developers in your organization currently play an active role in:
Infrastructure security
10%
Application security
34%
Both
43%
Neither
22%
Top benefit of embedding security earlier in the dev lifecycle?
Fewer security alerts/vulnerabilities
38%
Enhanced security posture
39%
Quicker security approvals
10%
Faster app deployments
13%
Does your dev team have the needed app security resources?
Yes - Well Equipped
18%
Yes - In most cases
24%
Yes - Somewhat
34%
No - Lacking in most cases
24%
Where are you on your DevSecOps journey?
Organizational adoption
30%
Individual dev team adoption
23%
Piloting or investigating
32%
No plans
16%