Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

Security Teams Often Struggle to Get Developers on Board: GitLab Study

A GitLab study based on responses from over 4,000 software professionals shows a disconnect between developer and security teams, and suggests that good DevOps can be the solution to security problems.

A GitLab study based on responses from over 4,000 software professionals shows a disconnect between developer and security teams, and suggests that good DevOps can be the solution to security problems.

Nearly 70% of developers say they are aware that they are expected to write secure code, but 49% of the security professionals (mostly represented by CIOs and CTOs) say it’s a struggle to get developers to make vulnerability remediation a priority, the survey shows.

Roughly half of security professionals say flaws are most often found by them after code is merged in a test environment, and 68% of them feel that less than half of developers are able to identify vulnerabilities later in the lifecycle, GitLab reported.

The security team of an organization with an established DevOps program is three times more likely to discover vulnerabilities before code is merged. Furthermore, they are 90% more likely to test 91-100% of code compared to an organization whose DevOps program is in early stages.

“Our research tells us that while most developers are aware of the dangers that vulnerabilities present and want to dramatically improve their security capabilities, they often still lack organizational support for prioritizing secure code creation, increasing secure coding skills, and implementing automated scanning and testing tooling to make that happen sooner rather than later,” said Colin Fletcher, manager of Market Research and Customer Insights at GitLab.

Interestingly, the study found that teams working mostly remotely are 23% more likely to have mature security practices compared to teams that mostly work from offices.

Advertisement. Scroll to continue reading.

According to the survey, the most widely used application security methods are dependency scanning (56%), cloud security (42%), container security (41%), and static application security testing, or SAST (35%). However, 60% of respondents admitted that they only scan less than half of their code.

Percentage of code tested based on GitLab survey

Respondents were asked to rate their security practices and only 20% said they were good. As for their DevOps practices, 34% said they were good and 13% said they were very good.

“The big takeaway from this survey is that early adopters of strong DevOps models experience greater security and find it easier to innovate, but barriers still prevent developers and security teams from achieving true DevSecOps,” said Sid Sijbrandij, CEO and co-founder of GitLab. “Teams need a single solution that can provide visibility into both sides of the process for streamlined deployment.”

Related: GitLab Launches Public Bug Bounty Program

Related: GitLab Patches Domain Hijacking Vulnerability

Related: Hundreds of Git Repositories Held for Ransom

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.