A GitLab study based on responses from over 4,000 software professionals shows a disconnect between developer and security teams, and suggests that good DevOps can be the solution to security problems.
Nearly 70% of developers say they are aware that they are expected to write secure code, but 49% of the security professionals (mostly represented by CIOs and CTOs) say it’s a struggle to get developers to make vulnerability remediation a priority, the survey shows.
Roughly half of security professionals say flaws are most often found by them after code is merged in a test environment, and 68% of them feel that less than half of developers are able to identify vulnerabilities later in the lifecycle, GitLab reported.
The security team of an organization with an established DevOps program is three times more likely to discover vulnerabilities before code is merged. Furthermore, such organizations are 90% more likely to test 91-100% of their code than an organization whose DevOps program is still in its early stages.
“Our research tells us that while most developers are aware of the dangers that vulnerabilities present and want to dramatically improve their security capabilities, they often still lack organizational support for prioritizing secure code creation, increasing secure coding skills, and implementing automated scanning and testing tooling to make that happen sooner rather than later,” said Colin Fletcher, manager of Market Research and Customer Insights at GitLab.
Interestingly, the study found that teams working mostly remotely are 23% more likely to have mature security practices compared to teams that mostly work from offices.
According to the survey, the most widely used application security methods are dependency scanning (56%), cloud security (42%), container security (41%), and static application security testing, or SAST (35%). However, 60% of respondents admitted that they scan less than half of their code.
Respondents were asked to rate their security practices and only 20% said they were good. As for their DevOps practices, 34% said they were good and 13% said they were very good.
“The big takeaway from this survey is that early adopters of strong DevOps models experience greater security and find it easier to innovate, but barriers still prevent developers and security teams from achieving true DevSecOps,” said Sid Sijbrandij, CEO and co-founder of GitLab. “Teams need a single solution that can provide visibility into both sides of the process for streamlined deployment.”
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.