Report finds most enterprises fail to implement security across DevOps process
Most organizations want to implement security into the entire DevOps process, but they’re struggling to do so.
That’s the biggest takeaway from a new report out today from security firm Checkmarx Ltd. “Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle” was undertaken in conjunction with FreeForm Dynamics and The Register based on the input of 183 respondents worldwide in a variety of information technology roles.
The report found that 92 percent of respondents said they were failing to implement security across their entire DevOps stack, despite wanting to do so.
Education was cited as an ongoing issue, with 96 percent of respondents saying they believed it was “desirable” or “highly desirable” for developers to be properly trained in how to produce secure code. A majority of respondents said they believe it is more important to educate and empower developers than to educate other stakeholders in the organization, such as operations and security specialists.
Some 41 percent of respondents agreed that defining clear ownership and responsibility for software security remains a big challenge, while only 11 percent said they have adequately addressed the need for developer education.
“Today, software is everywhere and the majority of respondents agree that it is integral to most business initiatives, yet there are still many gaps when it comes to securing that software,” Maty Siman, Checkmarx founder and chief technology officer, said in a statement. “Increased software complexity and the need to move at the speed of DevOps is creating a new type of risk in the form of software exposure, and as the results of this report attest, software security also needs to change.”
Other key findings included 57 percent of respondents agreeing with the statement that software security is now a boardroom issue. But 45 percent said they find it challenging to get senior management to approve funding for security training. Not least, 44 percent said executives don’t care how quickly, frequently and safely developers deliver software; they just want it delivered.
Photo: mattmflickr/Flickr