Research reveals link between developer happiness and application security, but breaches remain at troubling levels


Happy developers are 3.6x less likely to neglect security when it comes to code quality, 2020 DevSecOps Community Survey finds. 28% of mature organisations suffered an open source breach in past 12 months

A new report today reveals the findings of the seventh annual DevSecOps Community Survey, which uncovers an intrinsic link between developer happiness and application security hygiene, and an alarming level of application breaches. The survey is the DevSecOps community’s most comprehensive and longest-running study.

For the first time ever, the findings prove the correlation between developer happiness and application security hygiene, with happy developers 3.6x less likely to neglect security when it comes to code quality. Happy developers are also 2.3x more likely to have automated security tools in place, and 1.3x more likely to follow open source security policies. In addition, the findings showed that developers working within mature DevOps practices are 1.5x more likely to enjoy their work, and 1.6x more likely to recommend their employer to prospects, highlighting the significant role DevSecOps transformations play in both application security and developers’ job satisfaction.

The study also revealed that 28% of mature organisations are aware of an open source component-related breach in the past 12 months, compared to 19% of respondents with immature DevOps practices. While breaches appear higher for mature DevOps practices, industry advocates point to cultural differences that reward open communication, welcome new information, and encourage tighter collaboration between developer and security tribes.

“Developer happiness based on mature DevOps practices is fundamental to the quality and delivery of secure software,” said Derek Weeks, Vice President at Sonatype. “By introducing mature DevOps practices, businesses can not only innovate faster, they can enhance their development teams’ job satisfaction, and ultimately differentiate themselves as employers – critical when so many companies face significant skills shortages and increased competition.”

Additional findings from the report include:

  • Development velocity is accelerating rapidly: 55% of respondents deploy code to production at least once per week, compared to 47% of respondents in 2019. As year-over-year velocity increased, 47% of developers continued to admit that while security was important, they did not have time to spend on it – a finding consistent with the same survey in 2018 (48%) and 2019 (48%).
  • Automated security investments are highest in open source governance (44%), web application firewalls (59%), and intrusion detection (42%). The greatest differences in investment priorities between mature and immature DevOps programs are seen across Container Security, with mature practices investing 2.2x more than immature practices; this is closely followed by investments in Dynamic Analysis (DAST) and Software Composition Analysis (SCA), with 2.1x and 1.9x more respectively.

The full report with these findings and others is available here.

