Secure DevOps: Fact or Fiction? SANS Survey Finds Enterprises Are Not Fixing Security Vulnerabilities

Bethesda, MD, October 30, 2018 – The new SANS survey, Secure DevOps: Fact or Fiction?, finds that fewer than half (46%) of respondents are confronting security risks up front in requirements and service design—and only half of respondents are fixing major vulnerabilities. Survey results will be released in webcasts November 8 and 9.

“Modern business, especially mobile and cloud computing, demands a rapid and agile approach to app development. Yet, security is being left behind, and its requirements are not being addressed early enough in the software design life cycle,” said SANS Senior Analyst Barbara Filkins. “And protecting legacy apps is still a diversion,” she added.

“While achieving DevOps is still aspirational for most organizations, secure DevOps is even more challenging,” said SANS analyst and survey co-author Jim Bird. “What we found in our research is that while DevOps—and AppSec—programs focus on engineering, on finding better tools and on following better practices, the biggest challenges in secure DevOps are organizational, not technical. To succeed, secure DevOps needs every level of management, not just the CISO, to buy in.”

The report notes that for secure DevOps, security teams can better collaborate and communicate, protect both legacy and emerging apps and plan resources to deal with evolving platforms.

Full survey results, along with actionable takeaways for security and risk management leaders, will be shared during a two-part webcast sponsored by Aqua Security, CA Veracode, Qualys, Rapid7, Signal Sciences and WhiteHat Security, and hosted by SANS.

Register to attend the November 8 webcast at 1 p.m. EST at https://www.sans.org/webcasts/107425 to learn how practitioners are handling evolving DevOps requirements and challenges, and the November 9 webcast at 1 p.m. EST at https://www.sans.org/webcasts/107960 to learn about incorporating security into the software development lifecycle. Those who register will also receive access to the published results paper developed by Jim Bird and Barbara Filkins.

Tweet This:

SANS Secure DevOps Survey | Learn how organizations are integrating security into AppDev | Nov. 8 | https://www.sans.org/webcasts/107425

SANS Secure DevOps Survey | Organizations still fighting legacy and technical debt issues | Nov. 9 | https://www.sans.org/webcasts/107960

Organizations are integrating security into AppDev, but still fighting legacy and technical debt issues | Part 1, https://www.sans.org/webcasts/107425 | Part 2, https://www.sans.org/webcasts/107960