Breaches related to open source components in applications have soared by 50% since 2017, according to a new study from Sonatype urging developers to adopt DevSecOps practices.
The security vendor polled over 2000 IT professionals to compile its 2018 DevSecOps Community Survey.
The findings chime with a Sonatype study in March which found that one in eight open source components downloaded in the UK last year contained known security vulnerabilities — a 120% year-on-year increase.
It also echoes a new CA Veracode report, which claimed last week that only 52% of global developers update open source components when a new vulnerability is announced.
Overall, one in three respondents to the Sonatype study had or suspected a breach due to web app vulnerabilities in the past 12 months.
The report revealed a need for automated application security testing to tackle cybersecurity issues and improve business productivity.
For example, developers outnumber security professionals by 100:1, while 48% of respondents claimed they don’t have enough time to spend on application security.
The good news is that DevOps seems to be a pathway to DevSecOps: those with mature DevOps practices are 24% more likely to have deployed automated security practices throughout their development lifecycle.
What’s more, 59% of DevOps companies are building more security automation into their development process as awareness around GDPR compliance grows.
Overall, the use of DevSecOps practices grew 15% among respondents.
“As more software is layered into an ecosystem, more automation will make management less challenging,” explained SJ Technologies senior DevOps advocate, Chris Short. “Automating security tooling into container-based workflows will become a critical piece of every major organization's security posture. Remember, always be shifting left.”