GitLab's 2022 Global DevSecOps Survey: Security is the top concern, investment

Aug 23, 2022 · 3 min read · Leave a comment
Valerie Silverthorne GitLab profile

The days of security as a “nice to have” are officially over. In our 2022 Global DevSecOps Survey of more than 5,000 practitioners, security was the driving force behind technology choices, team structure, DevOps platform use, and more.

The findings from our sixth annual survey represent a dramatic shift from past years, when security teams – and security concerns – were often siloed and silenced in the push to get software out the door faster.

Nothing could be further from the truth today:

The attention to security in DevOps teams doesn’t stop there. As our surveys have shown since 2020, DevOps roles continue to shift, and this year, many of those shifts were laser-focused on security.

And when we asked developers about the most difficult parts of their jobs, thousands pointed to security and security-related concerns. Three developers summed it up:

“Cyber security attacks are the biggest concerns facing us today.”

“Data security, data security, I repeat, data security.”

“Trying to build applications that are secure and stable.”

More work to do

Security clearly has a seat at the DevOps table today, but areas of friction remain.

For starters, security testing requires a balance that’s difficult to achieve. Static application security testing (SAST), dynamic application security testing (DAST), and container and dependency scans are increasing, which is good news, but the percentage of devs able to easily access those results in their workflows remains stubbornly low (30% or less).

And sec and dev may never see eye to eye on finding and fixing bugs. For the third year in a row, sec pros said devs don’t find enough bugs early enough in the process, meaning they are stuck finding and fixing them much later (when it’s more difficult). And, as we’ve heard repeatedly over the last years, security’s focus and development’s focus aren’t usually the same:

57% of sec pros said finding bugs was a developer performance metric in their organizations, but 56% said it was difficult to get developers to actually prioritize bug remediation.

Facing the future

While security pros feel good about their organizations’ security postures (71% rated them as “good” or “very good”), they’re not feeling particularly optimistic about the future. A full 43% said they feel “somewhat” or “very” unprepared for the future; to look at it from another way, the percentage of sec pros who are confident, 56%, is 20 points lower than either their ops or dev colleagues.

What can help power security professionals into the future? Surprisingly, the top answer (54%) is AI, which was a 33% increase from last year. Since 2020, sec respondents have said soft skills like communication and collaboration were most important but this year soft skills came in second place.

Security is just one of many themes – automation, AI, information overload, real world challenges, compliance, and faster releases, to name just a few – our survey uncovered. So download and share the entire report, “The 2022 DevSecOps Survey: Thriving in an Insecure World”, to dig deeper into them.

Read the previous surveys!

GitLab 2021 DevSecOps Survey

GitLab 2020 Global Developer Report: DevSecOps

GitLab 2019 Global Developer Report: DevSecOps

Open in Web IDE View source