Did you miss a session from MetaBeat 2022? Head over to the on-demand library for all of our featured sessions here.
>>Don’t miss our special issue: How Data Privacy Is Transforming Marketing.<<
For the last eight years, Google Cloud and DORA have produced the Accelerate State of DevOps report, hearing from 33,000 professionals along the way. The research focuses on examining how certain capabilities and practices predict the outcomes that we consider central to devops: software delivery performance, operational performance and organizational performance. It also focuses on the factors that underlie other outcomes like burnout and satisfaction with one’s team.
In 2021, Google Cloud found that securing the software supply chain is essential to reaching many important outcomes. With this year’s report, the research dug deeper on software supply chain security, making it a primary theme of the survey and report.
Overall, the report found that the biggest predictor of an organization’s application-development security practices was cultural, not technical: high-trust, low-blame cultures focused on performance were significantly more likely to adopt emerging security practices than low-trust, high-blame cultures focused on power or rules.
Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.
Another key finding of the report is that cloud usage is predictive of organizational performance. Companies with software initially built on and for the cloud tend to have higher organizational performance. Those who use multiple public clouds are 1.4x more likely to have above-average organizational performance than those who don’t.
It also found early evidence suggesting that security scanning is effective at finding vulnerable dependencies, resulting in fewer vulnerabilities in production code.
With these findings in mind, the report concludes that the adoption of good application development security practices were also correlated with additional benefits.
- Devops teams that focus on establishing these security practices have reduced developer burnout; teams with low levels of security practices have 1.4x greater odds of having high levels of burnout than teams with high levels of security.
- Teams that focus on establishing security practices are significantly more likely to recommend their team to someone else.
- Supply-chain Levels for Secure Artifacts (SLSA)-related security practices positively predict both organizational performance and software delivery performance, but this effect needs strong continuous integration capabilities in place to fully emerge.
The target population for this survey was practitioners and leaders working in, or closely with, technology and transformations, especially those familiar with devops. The survey was promoted via email lists, online promotions, an online panel, social media, and by asking people to share the survey with their networks (that is, snowball sampling).
Read the full report from Google Cloud.