Nearly half of government coders with mature DevOps practices say security is a top concern
Public sector respondents showed the highest rate of DevSecOps adoption (36%) of any industry, according to Sonatype’s seventh annual DevSecOps Community Survey. Of respondents with mature DevOps practices, nearly half said application security was a top concern, making them 2.3 times more likely to say so than those with immature DevOps practices. Even with their high security consciousness, 22% of public sector developers reported a breach tied to their application development practices within the last 12 months.
The survey pulls back the curtain on successful DevSecOps practices and secure coding, and highlights trends in different verticals, including government.
While DevSecOps practices are top of mind for developers in government, the survey found that adoption of those practices is less mature than in other industries: 62% rank their practices as Immature, 26% as Improving and 12% as Mature, compared to 49%, 36% and 15%, respectively, for respondents overall. One area that demonstrates this lack of maturity is deployment velocity: only 40% of government developers said they deploy changes to production at least once a week, compared to 55% for respondents overall.
The survey also dissected security attitudes and practices based on whether respondents reported being happy or dissatisfied and found, among other things, that both groups prioritize security. Happy government coders were found to be 1.7 times more likely to pay attention to security than peers in other industries, and 61% of them reported performing secure code analysis. Meanwhile, 60% of grumpy public sector programmers said they perform security analysis of their code, which is 1.8 times higher than grumpy coders across industries. In more good news for government agencies, 93% of programmers working in mature DevOps practices said they were happy in their job, a rate 1.2 times higher than happy developers in other industries.
Government respondents also indicated relative harmony within their organizations with regard to how they work with other teams. When asked which roles cause the most friction on their team, 23% of the happy programmers said “none,” compared to 14% for respondents overall. Meanwhile, 66% of happy government developers said self-paced e-learning is made available to them, compared to 50% of grumpy developers in the industry.
“One in five government developers have suspected or verified a breach tied to their application development practices in the past 12 months,” said Derek Weeks, Vice President at Sonatype. “Breaches have always been a motivating factor for increasing the security practices and hygiene within any application development team. Our survey results make it clear that DevOps teams in government agencies are striving to enhance their cybersecurity hygiene, adopting a DevSecOps mindset, and investing in more automation to stay ahead of their adversaries.”