New GitLab Research Reveals Rising Demand for Security and Efficiency in Software Development, Increasing Use of AI/ML in Security
GitLab has released its 7th annual Global DevSecOps Report highlighting key trends in software development security. The survey, conducted in March 2023 with over 5,000 IT leaders, noted a shift towards incorporating security early in the development lifecycle. Key findings reveal:
- 71% of security experts now capture vulnerabilities, up from 53% in 2022.
- AI and ML are increasingly being adopted, with 65% of developers planning to use these technologies within three years.
- 66% of respondents wish to consolidate their toolchains due to productivity barriers.
Despite challenges, especially within the U.S. public sector where software deployment rates have plateaued, over half of government participants are considering DevSecOps solutions in the near future.
- 71% of security professionals capture a quarter or more of vulnerabilities, an increase from 53% in 2022.
- 65% of developers plan to integrate AI/ML in testing efforts in the next three years.
- 85% of security professionals report flat or reduced budgets compared to 2022.
- 75% of public sector respondents noted software deployment rates are the same or slower than in 2022.
Key trends are the prioritization of security and governance, the emergence of AI in software development and security workflows, and the impact of implementing DevSecOps tools and methodologies on efficiency.
SAN FRANCISCO, April 20, 2023 (GLOBE NEWSWIRE) -- ALL REMOTE – GitLab Inc., the most comprehensive DevSecOps Platform for software innovation, today released its 7th annual Global DevSecOps Report: Security Without Sacrifices.
In March 2023, GitLab surveyed more than 5,000 IT leaders, CISOs, and developers in industries including financial services, automotive, healthcare, telecommunications, and technology on their successes, challenges, and main priorities for DevSecOps implementation.
Security remains a key priority for organizations amid the growing global threat landscape.
DevSecOps teams are becoming more broadly aware of security as a shared responsibility. Incorporating security earlier in the software development lifecycle, or shifting left, is enabling development, security, and operations teams to work collaboratively instead of working in silos, as seen in previous years.
- 71% of security professionals said that a quarter or more of all security vulnerabilities are being captured by developers, up from 53% of respondents in 2022.
- 38% of security professionals reported being part of a cross-functional team focused on security, up from 29% in 2022.
- 85% of security respondents report that they have the same or less budget than 2022, highlighting an urgent need to do more with less.
AI/ML goes hand-in-hand with a DevSecOps platform.
Artificial Intelligence (AI) and machine learning (ML) have become critical components of DevSecOps workflows. Developers who use a DevSecOps platform were more likely to have implemented automation and AI/ML for testing than those who do not.
- 65% of developers said that they are using AI/ML in testing efforts or will be in the next three years.
- 62% of developers using AI/ML use it to check code, up from 51% in 2022.
- 53% of developers using AI/ML said they use bots for testing, up from 39% in 2022.
Toolchain management is an ongoing barrier to developer productivity.
Developers and security professionals continue to report significant time spent on toolchain management, reducing time available to dedicate to critical tasks such as adherence to compliance regulations.
- 66% of survey respondents reported wanting to consolidate their toolchains this year.
- 27% of security respondents reported that it is difficult to have consistent monitoring across disparate tools.
- 26% of security respondents said it is difficult to draw cohesive insights across all integrated tools.
U.S. public sector reports plateaued efficiency and complex development toolchains.
Despite ongoing demands for improved digital experiences within the public sector, respondents working within U.S. government entities noted slowed or stagnant software development. Promisingly, more than half of government respondents said they are evaluating or purchasing a DevSecOps solution in one to three years.
- 75% of public sector respondents reported deploying software at the same rate or slower than they did in 2022.
- 44% of public sector respondents reported using 6 or more tools for software development, including some who use more than 15 tools.
- 59% of US government and aerospace/defense respondents want to consolidate their toolchain.
“Organizations globally are seeking out ways to do more with less. This means that efficiency and security cannot be mutually exclusive when identifying opportunities to remain competitive,” said David DeSanto, Chief Product Officer at GitLab. “GitLab’s research shows that DevSecOps tools and methodologies allow leadership to better secure and consolidate their disparate, fragmented toolchains and reduce spend, while also freeing up development teams to spend time on mission-critical responsibilities and innovative solutions.”
For more information, and to access the full report, click here.
Methodology
The report was commissioned by GitLab and conducted by Savanta. The survey was distributed via GitLab’s social media channels and email lists, and panel sampling was conducted by Savanta in order to reduce bias in the sample.
Responses were collected from 5,010 software professionals worldwide in March 2023. The margin of error for the total sample is
Press Contact
Kristi Piechnik
press@gitlab.com
About GitLab
GitLab is the most comprehensive, scalable enterprise DevSecOps platform for software innovation. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 30 million registered users and more than