Developers Outnumber Security Pros 100:1 as Breaches Grow

Breaches related to open source components in applications have soared by 50% since 2017, according to a new study from Sonatype urging developers to adopt DevSecOps practices.

The security vendor polled over 2000 IT professionals to compile its 2018 DevSecOps Community Survey.

The findings chime with a Sonatype study in March which found that one in eight open source components downloaded in the UK last year contained known security vulnerabilities — a 120% year-on-year increase.

The survey also echoes a new CA Veracode report, which claimed last week that only 52% of global developers update open source components when a new vulnerability is announced.

Overall, one in three respondents to the Sonatype study had or suspected a breach due to web app vulnerabilities in the past 12 months.

The report revealed a need for automated application security testing to tackle cybersecurity issues and improve business productivity.

For example, developers outnumber security professionals by 100:1, while 48% of respondents claimed they don’t have enough time to spend on application security.

The good news is that DevOps seems to be a pathway to DevSecOps: those with mature DevOps practices are 24% more likely to have deployed automated security practices throughout their development lifecycle.

What’s more, 59% of DevOps companies are building more security automation into their development process as awareness around GDPR compliance grows.

Overall, the use of DevSecOps practices grew 15% among respondents.

“As more software is layered into an ecosystem, more automation will make management less challenging,” explained SJ Technologies senior DevOps advocate, Chris Short. “Automating security tooling into container-based workflows will become a critical piece of every major organization's security posture. Remember, always be shifting left.” 
