"CISOs Struggle to Manage Risk Due to DevSecOps Inefficiencies"

According to Dynatrace, as hybrid and multi-cloud environments become more complex and teams continue to rely on manual processes that make it easier for vulnerabilities to enter production environments, it becomes more difficult for CISOs to keep software secure. DevSecOps adoption is hindered by the continued use of siloed tools for development, delivery, and security tasks. This emphasizes the increasing need for observability and security to converge in order to fuel data-driven automation that enables development, security, and Information Technology (IT) operations teams to deliver faster, more secure innovation. Sixty-eight percent of CISOs report that vulnerability management has become more difficult due to the increased complexity of their software supply chain and cloud ecosystem. Before deployment in production environments, only 50 percent of CISOs are confident that the software delivered by development teams has been thoroughly tested for vulnerabilities. Additionally, 77 percent of CISOs say it is difficult to prioritize vulnerabilities due to a lack of information about the risk they pose to their environment. Fifty-eight percent of vulnerability alerts that security scanners alone flag as "critical" are not significant in production, wasting development time pursuing false positives. On average, members of development and application security teams dedicate 28 percent of their time, or 11 hours per week, on vulnerability management tasks, which could be automated. This article continues to discuss key findings from Dynatrace's report on CISOs struggling to manage risk due to DevSecOps inefficiencies.

Help Net Security reports "CISOs Struggle to Manage Risk Due to DevSecOps Inefficiencies"