
In 2021, more than 22 billion records were exposed because of data breaches, with several huge companies falling victim. Between that and other malicious attacks, security continues to be top of mind for organizations as they work to keep customer data safe and their businesses up and running. With this in mind, Google Cloud’s DevOps Research and Assessment (DORA) team decided to focus on security for the 2022 Accelerate State of DevOps Report, which is out today.

Over the past eight years, more than 33,000 professionals around the world have taken part in the Accelerate State of DevOps survey, making it the largest and longest-running research of its kind. Year after year, Accelerate State of DevOps Reports provide data-driven industry insights that examine the capabilities and practices that drive software delivery, as well as operational and organizational performance. To analyze the relationship between security and DevOps, we explored the topic of software supply chain security, which the survey only touched upon lightly in previous years.

To do this, we used the Supply-chain Levels for Secure Artifacts (SLSA) framework, as well as NIST’s Secure Software Development Framework (SSDF). Together, these two frameworks allowed us to explore both the technical and non-technical aspects that influence how an organization implements and thinks about software security practices. Overall, we found surprisingly broad adoption of emerging security practices, with a majority of respondents reporting at least partial adoption of every practice we asked about. Among all the practices that SLSA and NIST SSDF promote, using application-level security scanning as part of continuous integration/continuous delivery (CI/CD) systems for production releases was the most common practice, with 63% of respondents saying this was “very” or “completely” established.

Preserving code history and using build scripts are also highly established, while signing metadata and requiring a two-person review process have the most room for growth.
