With more than 22 billion records exposed through data breaches in 2021, some large companies have been compromised, and security concerns remain a top business priority. With this in mind, Google’s DORA (DevOps Research and Assessment) team released the 2022 Accelerate State of DevOps Report with a focus on security. The report is based on a survey of 1,350 professionals, 68% of whom work in development, engineering, or IT operations and infrastructure, and covers organizations ranging from large (10,000+ employees) to small (20-99 employees).
To analyze the relationship between security and DevOps, the report explores the topic of software supply chain security. In the absence of CI/CD, adopting the SLSA (Supply-chain Levels for Software Artifacts) framework, the SSDF (Secure Software Development Framework), and other best practices is challenging. “Without this critical infrastructure, it’s difficult for organizations to ensure that a consistent set of scanners, linters, and tests are running against the software artifacts they create.”
The data shows that, of all the practices promoted by SLSA and the NIST SSDF, using application-level security scanning as part of a CI/CD system for production releases is the most common, with 63% of respondents saying it is “very” or “completely” established. It is followed by “History preserved” and “Build script”; “Metadata signed” and “Two-person review” have the greatest room for development.
Another key finding is that software security is associated with a culture of collaboration. “We found that the biggest predictor of an organization’s application development security practices was culture, not technology: a high-trust, low-blame culture focused on performance is 1.6 times more likely to have above-average adoption of emerging security practices than a low-trust, high-blame culture focused on power or rules.”
The report also looked at software delivery and operational performance. It used four key metrics to categorize DevOps teams: deployment frequency, change lead time, average recovery time, and change failure rate, along with a fifth metric introduced last year, reliability. Across these five indicators, the highest-scoring teams deliver multiple deployments per day, deploy changes from code to production in no more than a week, restore service within a day, and have change failure rates of no more than 15%.
Overall, performance this year has declined, the report said. The notable difference from last year is that no group showed outstanding outperformance this year. Underperforming businesses also increased, from 7% in 2021 to 19% this year. The report's authors speculate that the pandemic and its aftermath hinder innovation and knowledge sharing, resulting in an increase in the number of high performers and underperformers; but this conclusion is not supported by actual data.
In addition, the use of cloud computing continues to grow. Public cloud usage is 76%, up from 56% in 2021. Only 10.5% said they are not using the cloud at all (including private clouds). “Respondents using cloud computing are 14% more likely to exceed organizational performance goals.” More than 50% of respondents use multiple cloud providers, and this group “exhibited 1.4x better organizational performance”.
See the full report for more details.