The findings of Sonatype’s 2020 DevSecOps Community Survey Government Edition offer another compelling reason why fully embracing DevSecOps best practices makes good business sense.
The report, which surveyed over 5,000 developers, DevOps, and IT and information security professionals from around the globe, both from the government and private sectors, is the longest running survey of DevSecOps practices in the industry and defines the differences and impacts arising from mature, or immature, DevOps practices.
This year though, they added “a new twist,” Sonatype’s Vice President, Derek Weeks, and DevSecOps Advocate, DJ Shleen, write.
For the first time, the survey shows how the maturity of a company’s DevOps practices impacts what they call “developer delight,” and they find that organizations with mature practices also enjoyed higher rates of job satisfaction, employee loyalty, and developer productivity.
“Our 2020 DevSecOps Community Survey reveals that the more evolved DevOps practices are in [a government organization], the happier we found their developers,” the report states.
And moreover, all levels of an organization, from the developers, to the managers, and to the executive level, should take notice of this metric’s implications because it has for a massive impact on the organization’s culture, and ultimately, its end product.
“The happiest developers built more security practices into their applications, and the pipelines that build them,” the report tells us, meaning that organizations who take the time to mature their DevSecOps practices thereby make their developers happier and more effective employees.
The lack of good DevSecOps practices though, showed the opposite effects. “Grumpy developers,” the study states, “demonstrated low job satisfaction rates [and] wouldn’t recommend their employer [to friends seeking a new job].” Part of the reason for this dissatisfaction is that their organization gave them less access to the training and automated security tools that they would need to implement best practices, compared to their happier peers.
Unfortunately, the survey finds that mature DevOps practices are rare among organizations. Most government developers surveyed—88 percent of them—felt that their organization’s practices have not yet gotten there.
Luckily, the survey also offers some ideas on what changes organizations can make that would help mature their processes.
Ranging from quickly automating security tools, implementing security analyses, and even how these organizations set expectations for their developers and educate them on new application security information, the DevSecOps Community Survey offers multiple lines of effort that organizations can use to advance their DevOps practice.
To dive deeper into the DevSecOps Community Survey Government Edition, click HERE.