Insights, Challenges, and AI in Action

Discover Key Insights on 2023 DevSecOps Trends and Challenges in the Synopsys Report – AI, Security Tools, and More!

Synopsys, Inc. has officially released its “2023 Global DevSecOps State” report, delving into the strategies, tools, and practices that impact software security. The Synopsys Cybersecurity Research Centre conducted this comprehensive report, which is based on a survey carried out by Censuswide and involved more than 1,000 IT professionals from around the globe. This diverse group included developers, application security experts, DevOps engineers, CISOs, as well as professionals in technology, cybersecurity, and software development.

The survey found that over 80% of participants encountered a critical security issue that affected their DevOps delivery schedule over the past year. Adopting DevSecOps, a framework that emphasizes security testing throughout all phases of the software development life cycle (SDLC), has proven to be highly effective at mitigating these vulnerabilities and enhancing security.

Jason Schmitt, General Manager of the Synopsys Software Integrity Group, highlighted the challenges faced by organizations in implementing DevSecOps methods, especially at an enterprise level. He noted difficulties in integrating and prioritizing results from various application security testing tools and enforcing security and compliance policies automatically through infrastructure-as-code, a practice considered essential for program success.

Key findings from the report include:

  1. Most security professionals are currently utilizing AI to enhance their software security measures, with 52% of respondents actively employing AI. However, 76% express concerns about potential errors or issues with AI-based cybersecurity solutions.
  2. Remediation timelines in many organizations can stretch over weeks. Approximately 28% of respondents indicated that their organizations take up to three weeks to patch critical security risks and vulnerabilities in deployed applications, while an additional 20% stated it could take up to a month, despite most exploits surfacing within days.
  3. Application security testing tools, such as dynamic application security testing (DAST), interactive application security testing (IAST), static application security testing (SAST), and software composition analysis (SCA), were deemed useful by at least two-thirds of participants. SAST was identified as the most highly regarded AST tool, with 72% finding it useful, closely followed by IAST (69%), SCA (68%), and DAST (67%).
  4. Responsibilities for security testing are evenly shared between internal security and development/engineering teams. Software developers and engineers (45%) are responsible for conducting security tests on critical applications and continuous improvement pipelines about as often as internal security team members (46%). Additionally, one-third (33%) of organizations are enlisting external consultants to complement internal efforts.

The “State of DevSecOps 2023” report from Synopsys sheds light on the evolving landscape of software security. It highlights the crucial role of DevSecOps in mitigating vulnerabilities and explores the adoption of AI in enhancing security measures. This report provides valuable insights into the challenges faced by organizations in implementing DevSecOps practices and offers a roadmap for addressing these issues. As the digital world continues to advance, staying ahead in software security is imperative, and the findings from this report will undoubtedly contribute to informed decision-making and strategic planning for businesses and professionals alike.