• Home
  • Press Releases
  • 90% of DevOps and IT Professionals Believe AppSec Responsibility Will be Shared by DevOps and Security Within Three Years

90% of DevOps and IT Professionals Believe AppSec Responsibility Will be Shared by DevOps and Security Within Three Years

Publish Date

May 19, 2021

New ZeroNorth Research Highlights the Current State of AppSec and the Journey to DevSecOps

Boston, May 19, 2021 –– At DevSecOps Days of the RSA Conference 2021, ZeroNorth, the only company to unite security, DevOps and the business for the good of software, today released a new research report: “The Journey to True DevSecOps,” with survey results from 250 global security, DevOps and IT professionals. The study shows that while the perceived benefits of DevSecOps to both security and DevOps are high, much progress must be made in defining a repeatable and consistent governance model for true DevSecOps to take hold.

The study highlights how roles, responsibilities, and ownership of application security (AppSec) must be clearly defined as part of a DevSecOps governance model, something lacking in today’s environment. Specifically, the survey finds that while 76% of developers and engineers believe DevOps will own AppSec within three years, only 56% of AppSec professionals agree.

“We are at an inflection point where software security has become the foundation for enterprise security,” said John Worrall, CEO at ZeroNorth. “The push toward true DevSecOps will strengthen security and improve the products that DevOps deliver. That said, our study shows progress needs to be made on many fronts – most notably DevSecOps governance, process, and culture – for companies to see this promise materialize.”

Security Governance Takes Center Stage
Key to the topic of governance is the notion of responsibility. While the question of “Will DevOps own AppSec?” remains up for grabs, the study demonstrates how a shared responsibility model for AppSec is likely to emerge. In fact, 90% of participants said it is, indeed, likely that responsibility will be shared across DevOps and Security teams in the next three years.

While AppSec has historically centered on tooling, DevOps has been built with process and governance, enabled through automation and orchestration. As AppSec and DevOps come together into DevSecOps, discrepancies become clear. For example, while 58% of companies developing more than 31 applications annually say their continuous integration / continuous deployment (CI/CD) processes have been fully automated, only 17% of respondents say they have a fully automated development process that includes security.

Among the key findings from the research:

  • Automation and Orchestration are enabling DevSecOps: 91% of respondents agree or strongly agree that integrating AppSec tools into DevOps pipelines through automation will be critical to the success of DevSecOps; 88% believe orchestration of tools within CI/CD pipelines will be required.
  • Adjusting the Security Mindset: DevSecOps requires a culture change across Security and DevOps – and 73% of participants agree Security must rethink the way it partners with Development for DevSecOps to succeed.
  • Enabling Security in the Journey to DevSecOps: The survey also demonstrates key things Security must understand about DevOps, including the SDLC, tools and technical benefits. But there are actions Dev teams can take to support this journey. For example, 59% of respondents said Dev could promote DevOps best practices; 50% said Dev should include Security in DevOps planning sessions, and 46% said Dev should assign a DevOps Champion to the Security organization.

Other topics explored in the research:

  • Challenges and benefits of DevSecOps
  • The role of leadership in the journey to DevSecOps
  • Impact of DevOps on organizations’ risk posture

The full research report may be found at http://go.zeronorth.io/TrueDevSecOps.

About ZeroNorth
ZeroNorth brings security, DevOps and the business together to improve application security performance and reduce organizational risk. The company’s DevSecOps platform enables organizations to automate and orchestrate key components of their application security program, and to rapidly identify, prioritize and remove the vulnerabilities standing in the way of software excellence. In an age where the security of applications needs to be everyone’s responsibility, ZeroNorth is where organizations come together for the good of software. Learn more at www.zeronorth.io

eBooks & Research Reports

How DevSecOps Analytics Solve the Biggest Hurdles of AppSec

When it comes to building out a robust AppSec program, and embarking on the journey toward DevSecOps, there is a lot to remember and just as ...

Read Now


Ramp Up Your AppSec Program with ZeroNorth DevSecOps Quick Start

Learn how ZeroNorth DevSecOps Quick Start is ideal for engineering and security teams who need a quick, easy and cost-effective way to jumpstart their AppSec program.

Read Now

Related Press Releases

ZeroNorth Delivers “DevSecOps for Dummies” Book

By ZeroNorth Aug 10, 2021

Educational Book Delivers Background, Actionable Steps to Help Organizations Build a Best-in-Class DevSecOps Program  Boston, August 10, 2021 –– ZeroNorth, the only company to unite security, ...

Read More

ZeroNorth Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021

By ZeroNorth May 17, 2021

ZeroNorth Wins Hot Company in DevSecOps and Cutting Edge in Application Security Awards In 9th Annual Global InfoSec Awards at #RSAC 2021 San Francisco, CA, May ...

Read More

The ZeroNorth DevSecOps platform offers options for your DevSecOps journey—getting started with AppSec, finding enterprise visibility or fully integrating security into DevOps.