Subj : Most firms say DevSecOps needs to up its game to be effective
To   : All
From : TechnologyDaily
Date : Mon Apr 24 2023 10:30:04

Most firms say DevSecOps needs to up its game to be effective

Date:
Mon, 24 Apr 2023 09:13:03 +0000

Description:
Vulnerabilities are still slipping through while developers waste their time 
on mundane tasks.

FULL STORY
======================================================================

Siloed teams, the growing complexity of hybrid and multi-cloud environments, 
as well as the persistent reliance on manual processes all make 
vulnerabilities easier to slip into production environments, and harder to 
spot and address. 

Without improved effectiveness in DevSecOps, vulnerability exploits will 
continue rising both in numbers and destructive power. 

This is according to a new report from Dynatrace, which surveyed 1,300 chief 
information security officers (CISOs) in large organizations around the 
world, finding 75% agree the prevalence of team silos and point solutions 
throughout the DevSecOps lifecycle makes it easier for vulnerabilities to 
slip into production. DevSecOps risk 

Furthermore, Dynatrace found four in five (81%) of CISOs say they expect to 
see more vulnerability exploits if they cant make DevSecOps work more 
effectively - despite just 12% of organizations saying they have a mature 
DevSecOps culture. 

While Dynatrace does not detail what mature DevSecOps culture entails, it did 
say that 86% of CISOS see AI and automation as critical to the success. 

In fact, 77% of CISOs say its a significant challenge to prioritize 
vulnerabilities because they lack information about the risk these 
vulnerabilities pose to their environment, and 58% of the vulnerability 
alerts that security scanners alone flag as critical are not important in 
production. Individual DevSecOps team member spends more than a quarter (28%) 
of their time on vulnerability management tasks that could be automated. With 
automation, each member could free up to 11 hours of their time - each week. 
Read more 

> What is DevOps? 


 > How to cut your companys DevOps costs, according to the experts 


 > These are the best firewalls right now 

Also, three-quarters (76%) of CISOs believe the time between discovering a 
zero-day attack and being able to patch every endpoint presents a significant 
challenge. 

According to Bernd Greifeneder, Chief Technology Officer at Dynatrace, 
businesses should use solutions that converge observability and security data 
and are powered by trusted AI and intelligent automation. 

DevSecOps is short for Development, Security, and Operations, and generally 
refers to a business approach in which product security is not an 
afterthought or something thats addressed at the end of a products 
development cycle, but rather something thats baked in throughout the entire 
IT lifecycle and is a shared responsibility of multiple teams. Here are the 
best malware removal tools at the moment



======================================================================
Link to news story:
https://www.techradar.com/news/most-firms-say-devsecops-needs-to-up-its-game-t
o-be-effective


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.