2023年全球DevSecOps現(xiàn)狀調(diào)查

SYIOpsSYIOps/S2023年2023年DevSecOps現(xiàn)狀調(diào)查34%33%34%33%關(guān)于Synopsys《2023年關(guān)于DevOps和DevSecOpsASOC/ASPM在DevSecOps中的應(yīng)用日益Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查關(guān)于Synopsys《2023年DevSecOps現(xiàn)狀2023年初，Synopsys網(wǎng)絡(luò)安全研究中心(CyRC)聯(lián)合國關(guān)于DevOps和DevSecOpsDevSecOps在涉及軟件開發(fā)的各個(gè)組織中35%35%應(yīng)快速的發(fā)布周期應(yīng)快速的發(fā)布周期/持33%33%不準(zhǔn)確/不準(zhǔn)確/不可靠2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查關(guān)于Synopsys《2023年關(guān)于DevOps和DevSecOpsASOC/ASPM在DevSecOps中的應(yīng)用日益Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查2023年2023年DevSecOps現(xiàn)狀調(diào)查關(guān)于Synopsys《2023年關(guān)于DevOps和DevSecOpsASOC/ASPM在DevSecOps中的應(yīng)用日益Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查ASOC/ASPM在DevSecOps中的應(yīng)用日本報(bào)告對(duì)處于DevSecOps不同成熟階段的組織進(jìn)行了考鑒于這1,000名受訪者中的大多數(shù)人都對(duì)其正在使用的28%28%2023年DevSecOps現(xiàn)狀調(diào)查2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)狀大多數(shù)DevOps團(tuán)隊(duì)都在某種程度上采用了DevSecOps用DevSecOps方法論現(xiàn)已成為軟件開發(fā)的一部分。29%的受訪者表示，他們擁有跨職能部門有效實(shí)施DevSecOps存在許多障礙(31%)以及優(yōu)先事項(xiàng)的不斷變化(30%)。建/部署工作流中是安全計(jì)劃取得成功的關(guān)鍵重大漏洞/安全問題以某種形式影響了他們的工作進(jìn)度。訪者認(rèn)為自動(dòng)AST“非常有用”幾乎所有的受訪者都認(rèn)為AST工具與其業(yè)務(wù)需求數(shù)據(jù)來幫助解決問題(29%)。52%的安全專業(yè)人員已經(jīng)開始在DevSecOps活動(dòng)2023年DevSecOps現(xiàn)狀調(diào)查2023Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署DevOps的既定組成部分。8.5%24.1%34.3%24.5%8.5%有效DevSecOps面臨的挑戰(zhàn)2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)到自動(dòng)測(cè)試(28%)。35.1%29.9%29.6%29.3%29.1%28.6%28.5%28.4%28.2%27.9%27.6%2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)計(jì)劃，可以借助BSIMM或軟件保障成熟度模型(SoftwareAssuranceMaturityModel,SAMM)評(píng)估所獲得的信息，為(SecurityChampions)計(jì)劃。33%33%圖C通過BSIMM和SAMM等模型對(duì)軟件安全性進(jìn)行正式評(píng)估的有效性.33.6%35.8%有用(33.6%35.8%69.4%18.1%8.4%沒用(18.1%8.4%26.5%2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)46.0%45.1%37.6%46.0%45.1%37.6%35.5%32.9%開發(fā)人員/軟件工程師質(zhì)量保證/測(cè)試團(tuán)隊(duì)DevSecOps團(tuán)隊(duì)還是其他方式質(zhì)量保證/測(cè)試團(tuán)隊(duì)跨職能領(lǐng)域的DevSecOps團(tuán)隊(duì)跨職能領(lǐng)域的DevSecOps團(tuán)隊(duì)2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)果開展測(cè)試DAST就需要開發(fā)者和安全專家對(duì)測(cè)試結(jié)果進(jìn)不知道/不確定52.6%44.2%43.7%43.0%0.2%Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)本次調(diào)查要求受訪者選擇評(píng)估其DevSecOps計(jì)劃成功與訪者提到了這一點(diǎn)(28%)。29.0%28.3%27.6%27.4%27.0%24.4%23.8%22.8%22.3%我們沒有用來評(píng)估DevSecOps活動(dòng)成功與否的主要KPI1.1%2023年DevSecOps現(xiàn)狀調(diào)查3.8%2023年DevSecOps現(xiàn)狀調(diào)查3.8%2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)(IAST)、靜態(tài)應(yīng)用安全測(cè)試(SAST)和軟件組成分析(SCA)工DAST(67%)。其AST工具箱中開展某種形式的SCA二進(jìn)制分析。針對(duì)安全漏洞和其他缺陷的自動(dòng)代碼掃描(SAST)動(dòng)態(tài)應(yīng)用安全測(cè)試(DAST)有用(凈占比)71.5%沒用(凈占比)有用(凈占比)71.5%沒用(凈占比)29.2%有用(凈占比)67.1%3.4%3.6%25.0%交互式應(yīng)用安全測(cè)試(IAST)開源/第三方依賴性分析交互式應(yīng)用安全測(cè)試(IAST)有用(凈占比)67.6%沒用(凈占比)28.1%4.3%有用(凈占比)68.5%沒用(凈占比)27.7%20232023年DevSecOps現(xiàn)狀調(diào)查0.2%20230.2%2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)每周4-6天每周2-3天每2-3周一次每3-5個(gè)月一次每6-11個(gè)月一次7.1%17.2%20.4%17.0%11.1%每周4-6天每周2-3天每2-3周一次每3-5個(gè)月一次每6-11個(gè)月一次0%圖I貴組織平均需要多長(zhǎng)時(shí)間才能修補(bǔ)/處理已2-3周3周-1個(gè)月2-3周3周-1個(gè)月2-4個(gè)月4-6個(gè)月26.4%28.3%19.9%8.4%5.5%4.7%0%2.2%2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查圖J在過去的一年（2022-2023年圖J在過去的一年（2022-2023年解決一個(gè)重大安全/漏洞問題對(duì)貴組織的軟件交付計(jì)劃產(chǎn)生了多Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)42.7%38.4%有影響42.7%38.4%有影響(凈占比)81.1%沒影響(凈占比)18.9%1.8%沒影響(凈占比)18.9%1.8%17.2%2023年DevSecOps現(xiàn)狀調(diào)查20232023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)有效DevSecOps面臨的挑戰(zhàn)coaches)、敏捷項(xiàng)目管理人員(scrummasters)和DevOps開發(fā)人員/工程師的安全培訓(xùn)不足/無效應(yīng)用安全人員/技能短缺開發(fā)/運(yùn)維工作缺乏透明性安全計(jì)劃和工具的預(yù)算/資金不足33.9%31.4%31.3%30.4%29.4%29.1%29.0%2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)AST工具碎片化和修復(fù)速度緩慢正是應(yīng)用安全編排與關(guān)聯(lián)(ASOC)和應(yīng)用安全態(tài)勢(shì)管理(ASPM)旨在解決的問復(fù)工作進(jìn)行優(yōu)先級(jí)排序34.7%工具因速度太慢而無法適應(yīng)快速發(fā)布周期/持續(xù)部署___034.1%性價(jià)比低33.5%不準(zhǔn)確/不可靠33.1%誤報(bào)率高32.2%無法整合/關(guān)聯(lián)來自不同工具的結(jié)果—029.0%沒有重大問題3.1%Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性圖N您預(yù)計(jì)使用AI工具將對(duì)貴組織的DevSecOps 036.5%-011.0%否(凈占比)47.5%53.7%53.7% 052.0% 048.4%0.9%有效DevSecOps面臨的挑戰(zhàn)2023年DevSecOps現(xiàn)狀調(diào)查2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)且訓(xùn)練Copilot服務(wù)所使用的開源代碼也侵犯了45.1%44.2%42.0%41.6%2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)I2023年DevSecOps現(xiàn)狀調(diào)查DevSecOps部署擔(dān)心(凈占比)76.6%中立/沒感覺16.2%51.3%25.4%擔(dān)心(凈占比)76.6%中立/沒感覺16.2%51.3%25.4%1.2%6.0%跨職能團(tuán)隊(duì)對(duì)DevSecOps取得成功的重要性有效DevSecOps面臨的挑戰(zhàn)7.2%議創(chuàng)建的惡意軟件包已經(jīng)存在于PyPI和npm等流行的軟2023年DevSecOps現(xiàn)狀調(diào)查2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查經(jīng)驗(yàn)教訓(xùn)雖然大多數(shù)組織在很大程度上采用了某些DevSecOps實(shí)受的是AST工具無法根據(jù)業(yè)務(wù)需求對(duì)漏洞修補(bǔ)進(jìn)行優(yōu)先級(jí)開發(fā)和運(yùn)維團(tuán)隊(duì)希望AppSec能夠幫助他們集中查看所有2023年的調(diào)查結(jié)果中得到了印證—28%的受訪者已經(jīng)開些都是我們DevSecOps調(diào)查受訪者的特征。DevSecOps團(tuán)隊(duì)并使用多種應(yīng)用安全測(cè)試工具的組織來SoftwareSoftwareRiskManager：兌現(xiàn)ASPM的承諾?簡(jiǎn)化AppSec管理?全面了解AppSec風(fēng)險(xiǎn)?規(guī)范AppSec工作流立即聯(lián)系Synopsys，安排觀看SoftwareRiskManager的2023年DevSecOps現(xiàn)狀調(diào)查2023年2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查受訪者特征18%6%6%6%銀行/金融15%5%電信/ISP13%應(yīng)用/軟件開發(fā)4%7%4%7%4%2%0.5%3%3%2%0.5%3%3%3%非盈利機(jī)構(gòu)/協(xié)會(huì)事故和安全經(jīng)理信息保障總監(jiān)軟件安全工程經(jīng)理運(yùn)維工程師AppSec產(chǎn)品安全人員程序員QA/測(cè)試人員/測(cè)試經(jīng)理發(fā)布工程師/經(jīng)理安全管理員/安全分析師安全架構(gòu)師安全總監(jiān)安全工程經(jīng)理產(chǎn)品安全高級(jí)總監(jiān)產(chǎn)品安全和技2023年DevSecOps現(xiàn)狀調(diào)查19%501–1,00012%19%501–1,00012%2,001–5,0002%不到10019%1,001–2,00015%100–5002023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查受訪者特征受訪者的國家/數(shù)量中國:135美國:128芬蘭:127英國:127德國:126法國:125新加坡:1251%超過100,0004%50,001–100,000該組織創(chuàng)建/管理的軟件/應(yīng)用工程/科學(xué)軟件7%15,001–50,0008%10,001–15,00046%44%42%38%37%35%31%13%5,001–10,00035%30%30%30%29%29%28%28%28%28%28%12.00%18.40%5.60%8.80%8.80%9.60%4.00%3.20%4.00%3.20%4.80%4.00%3.20%3.20%2.40%4.00%0.80%9.52%10.32%12.00%18.40%5.60%8.80%8.80%9.60%4.00%3.20%4.00%3.20%4.80%4.00%3.20%3.20%2.40%4.00%0.80%9.52%10.32%1.59%9.52%11.11%3.97%11.11%7.14%3.17%5.56%5.56%4.76%4.76%6.35%3.17%2.38%0.00%12.60%14.96%14.17%5.51%10.24%6.30%4.72%8.66%3.94%3.94%3.94%3.15%3.15%1.57%1.57%0.79%0.79%18.45%14.52%12.66%7.26%6.87%5.59%5.50%5.10%4.12%4.02%3.63%3.14%2.85%2.55%1.67%1.57%0.49%14.40%20.00%20.00%4.00%4.80%7.20%5.60%6.40%4.00%4.00%0.80%2.40%1.60%3.20%0.80%0.00%0.80%9.52%15.08%20.63%9.52%4.76%6.35%7.14%4.76%3.17%3.17%7.94%1.59%1.59%1.59%0.79%1.59%0.79%10.24%17.32%4.72%3.94%6.30%6.30%7.09%5.51%6.30%7.09%3.15%5.51%5.51%3.94%3.94%2.36%0.79%42.96%7.41%26.67%13.33%2.22%0.00%0.74%2.22%1.48%0.00%0.74%0.74%0.00%0.74%0.00%0.74%0.00%應(yīng)用/軟件開發(fā)銀行/金融電信/ISP非盈利機(jī)構(gòu)/協(xié)會(huì)Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查34.38%34.38%13.28%7.03%3.13%7.03%5.47%3.91%3.13%7.03%5.47%2.34%3.13%3.13%0.00%0.78%0.78%0.00%2023年DevSecOps現(xiàn)狀調(diào)查2023年DevSecOps2023年DevSecOps現(xiàn)狀調(diào)查1.60%6.40%16.00%16.00%8.80%17.60%16.80%10.40%6.40%0.00%1.57%15.11%19.04%18.65%12.37%13.05%8.44%6.67%4.42%0.69%2.40%20.80%23.20%15.20%16.00%7.20%3.20%4.00%4.00%4.00%0.00%12.60%14.96%19.69%18.11%15.75%1.60%6.40%16.00%16.00%8.80%17.60%16.80%10.40%6.40%0.00%1.57%15.11%19.04%18.65%12.37%13.05%8.44%6.67%4.42%0.69%2.40%20.80%23.20%15.20%16.00%7.20%3.20%4.00%4.00%4.00%0.00%12.60%14.96%19.69%18.11%15.75%8.66%6.30%3.15%0.79%3.70%14.81%8.89%37.78%5.93%20.00%2.96%0.74%5.19%0.00%3.17%19.84%30.16%10.32%9.52%7.14%11.11%6.35%2.38%0.00%1.57%11.02%14.96%15.75%22.83%18.11%10.24%3.94%1.57%0.00%0.00%19.05%21.43%15.87%7.14%6.35%5.56%17.46%7.14%0.00%100–500501–1,0001,001–2,0002,001–5,0005,001–10,00010,001–15,00015,001–50,00050,001–100,00036.80%39.20%39.20%30.40%35.20%30.40%29.60%0.00%34.13%34.92%37.30%30.16%33.33%38.89%30.16%0.00%70.37%67.41%68.89%65.19%57.04%57.04%42.22%0.00%48.00%40.00%40.80%28.80%32.00%27.20%20.80%0.00%37.01%30.71%44.09%39.37%32.28%31.50%29.92%0.00%37.30%41.27%28.57%33.33%29.37%30.16%30.16%0.79%40.94%42.52%27.56%29.13%30.71%25.20%29.13%0.79%46.03%44.06%41.71%38.27%36.60%35.23%30.91%0.20%工程/科學(xué)軟件Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查0.00%0.00%16.41%23.44%17.19%10.94%11.72%9.38%4.69%5.47%0.78%0.78%61.72%61.72%54.69%45.31%47.66%41.41%39.84%34.38%0.00%0.00%2023年DevSecOps現(xiàn)狀調(diào)查32.80%25.60%30.40%27.20%20.80%24.80%17.60%28.00%28.00%20.00%25.60%0.00%19.84%22.22%23.02%19.84%28.57%23.81%32.80%25.60%30.40%27.20%20.80%24.80%17.60%28.00%28.00%20.00%25.60%0.00%19.84%22.22%23.02%19.84%28.57%23.81%23.02%18.25%19.84%15.08%22.22%0.00%33.60%29.60%24.80%31.20%21.60%32.80%24.80%20.00%24.80%28.00%22.40%0.00%56.30%44.44%49.63%41.48%41.48%48.15%48.15%51.85%47.41%48.15%48.15%0.00%32.28%32.28%23.62%28.35%29.13%28.35%30.71%19.69%25.98%24.41%20.47%0.79%28.57%24.60%33.33%23.02%26.98%21.43%27.78%18.25%23.81%32.54%15.08%0.00%35.43%25.20%19.69%22.83%27.56%18.90%22.05%29.13%23.62%19.69%23.62%0.00%35.13%29.93%29.64%29.34%29.05%28.56%28.46%28.36%28.16%27.87%27.58%Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查40.63%40.63%34.38%31.25%39.84%35.16%28.91%32.03%39.84%30.47%33.59%41.41%0.00%0.10%0.00%2023年DevSecOps現(xiàn)狀調(diào)查69.38%33.56%35.82%18.06%8.44%26.50%4.12%試(SAST)69.38%33.56%35.82%18.06%8.44%26.50%4.12%試(SAST)71.54%34.35%37.19%17.37%7.65%25.02%3.43%76.56%46.09%30.47%10.94%8.59%19.53%3.91%65.87%27.78%38.10%17.46%11.90%29.37%4.76%76.00%33.60%42.40%16.80%5.60%22.40%1.60%78.74%38.58%40.16%18.11%2.36%20.47%0.79%62.70%22.22%40.48%19.05%7.14%26.19%11.11%62.20%29.13%33.07%22.05%13.39%35.43%2.36%97.04%54.07%42.96%2.96%0.00%2.96%0.00%55.20%17.60%37.60%26.40%14.40%40.80%97.04%54.07%42.96%2.96%0.00%2.96%0.00%55.20%17.60%37.60%26.40%14.40%40.80%4.00%71.25%32.09%39.16%16.78%7.56%24.34%4.42%78.91%46.88%32.03%12.50%3.13%15.63%5.47%62.70%24.60%38.10%20.63%11.90%32.54%4.76%73.60%32.00%41.60%16.80%8.00%24.80%1.60%81.10%35.43%45.67%13.39%3.15%16.54%2.36%52.38%19.05%33.33%26.98%9.52%36.51%11.11%66.93%25.20%41.73%15.75%11.02%26.77%6.30%2023年DevSecOps通過BSIMM和SAMM等模型對(duì)軟件安全性進(jìn)行正式評(píng)估55.91%24.41%31.50%25.20%11.81%37.01%7.09%94.81%57.04%37.78%3.70%0.74%4.44%0.74%67.20%28.80%38.40%16.80%10.40%27.20%5.60%79.69%47.66%32.03%79.69%47.66%32.03%10.94%7.03%17.97%2.34%57.94%26.98%30.95%23.02%16.67%39.68%2.38%71.20%25.60%45.60%17.60%8.80%26.40%2.40%70.87%30.71%40.16%25.20%2.36%27.56%1.57%55.56%25.40%30.16%23.02%10.32%33.33%11.11%94.07%54.07%40.00%5.93%0.00%5.93%0.00%54.40%21.60%32.80%29.60%12.80%42.40%3.20%2023年DevSecOps現(xiàn)狀調(diào)查開源/第三方依賴性分析(SCA)67.62%30.32%37.29%19.73%8.34%28.07%4.32%75.00%33.59%41.41%16.41%5.47%開源/第三方依賴性分析(SCA)67.62%30.32%37.29%19.73%8.34%28.07%4.32%75.00%33.59%41.41%16.41%5.47%21.88%3.13%61.11%23.81%37.30%22.22%11.90%34.13%4.76%73.60%32.00%41.60%18.40%6.40%24.80%1.60%74.80%30.71%44.09%22.05%1.57%23.62%1.57%55.56%17.46%38.10%21.43%15.08%36.51%7.94%50.39%22.05%28.35%25.98%14.17%40.16%9.45%62.32%25.02%37.29%19.73%9.52%29.24%8.44%75.00%35.94%39.06%12.50%4.69%17.19%7.81%53.97%27.78%26.19%23.02%18.25%41.27%4.76%58.40%17.60%40.80%22.40%4.80%27.20%14.40%68.50%23.62%44.88%18.90%9.45%28.35%3.15%46.83%12.70%34.13%26.98%11.90%38.89%14.29%50.39%19.69%30.71%18.90%14.96%33.86%15.75%Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查94.81%60.74%34.07%5.19%0.00%5.19%0.00%53.60%20.00%33.60%27.20%12.80%40.00%6.40%53.54%18.11%35.43%29.13%10.24%39.37%7.09%72.00%35.20%36.80%16.80%7.20%24.00%4.00%96.30%48.89%47.41%3.70%0.00%3.70%0.00%54.40%17.60%36.80%24.80%15.20%40.00%5.60%56.35%23.02%33.33%56.35%23.02%33.33%20.63%17.46%38.10%5.56%80.31%43.31%37.01%16.54%3.15%19.69%0.00%71.88%71.88%37.50%34.38%19.53%7.03%26.56%1.56%67.91%67.91%30.23%37.68%19.33%8.64%27.97%4.12%56.35%16.67%39.68%24.60%9.52%34.13%9.52%88.15%42.96%45.19%10.37%0.74%11.11%0.74%55.20%18.40%36.80%25.60%12.00%37.60%7.20%2023年DevSecOps現(xiàn)狀調(diào)查68.50%31.11%37.39%18.06%9.62%27.67%3.83%68.50%31.11%37.39%18.06%9.62%27.67%3.83%68.99%33.17%35.82%18.25%8.73%26.99%4.02%78.13%39.84%38.28%14.84%6.25%21.09%0.78%55.56%21.43%34.13%23.02%14.29%37.30%7.14%66.40%32.00%34.40%20.00%10.40%30.40%3.20%78.74%36.22%42.52%15.75%3.94%19.69%1.57%58.73%26.19%32.54%19.05%11.90%30.95%10.32%62.99%33.86%29.13%19.69%11.02%30.71%6.30%91.11%46.67%44.44%7.41%0.74%8.15%0.74%49.60%20.00%29.60%28.80%18.40%47.20%91.11%46.67%44.44%7.41%0.74%8.15%0.74%49.60%20.00%29.60%28.80%18.40%47.20%3.20%67.12%29.44%37.68%19.63%9.62%29.24%3.63%74.22%38.28%35.94%16.41%6.25%22.66%3.13%62.70%27.78%34.92%20.63%12.70%33.33%3.97%76.80%36.80%40.00%16.80%5.60%22.40%0.80%74.80%29.92%44.88%17.32%6.30%23.62%1.57%57.14%18.25%38.89%18.25%15.08%33.33%9.52%48.82%16.54%32.28%32.28%12.60%44.88%6.30%2023年DevSecOps交互式應(yīng)用安全測(cè)試(IAST)60.63%22.05%38.58%18.11%14.17%32.28%7.09%96.30%54.07%42.22%3.70%0.00%3.70%0.00%53.60%24.00%29.60%24.80%14.40%39.20%7.20%72.66%35.16%37.50%72.66%35.16%37.50%20.31%6.25%26.56%0.78%53.97%18.25%35.71%21.43%18.25%39.68%6.35%75.20%34.40%40.80%15.20%9.60%24.80%0.00%77.17%37.01%40.16%18.11%3.15%21.26%1.57%56.35%22.22%34.13%23.81%11.90%35.71%7.94%97.78%52.59%45.19%2.22%0.00%2.22%0.00%51.20%21.60%29.60%32.80%12.80%45.60%3.20%2023年DevSecOps現(xiàn)狀調(diào)查Synopsys《2023年DevSecOps現(xiàn)Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查66.93%29.93%37.00%18.65%9.42%28.07%5.00%69.77%32.58%37.19%17.86%9.62%27.48%2.75%67.12%29.83%37.29%18.45%9.91%28.36%4.51%69.28%32.29%37.00%18.84%8.34%27.18%3.53%79.69%38.28%41.41%13.28%3.91%17.19%3.13%82.81%47.66%35.16%8.59%7.03%15.63%1.56%82.81%40.63%42.19%7.81%7.03%14.84%2.34%72.66%36.72%35.94%17.19%7.81%25.00%2.34%57.60%21.60%36.00%24.00%12.80%36.80%5.60%53.60%20.00%33.60%27.20%16.00%43.20%3.20%56.80%21.60%35.20%24.00%12.00%36.00%7.20%56.00%19.20%36.80%31.20%11.20%42.40%1.60%57.94%24.60%33.33%19.84%18.25%38.10%3.97%57.14%22.22%34.92%19.05%20.63%39.68%3.17%53.97%21.43%32.54%19.84%17.46%37.30%8.73%58.73%25.40%33.33%23.81%10.32%34.13%7.14%73.60%29.60%44.00%14.40%8.80%23.20%3.20%74.40%35.20%39.20%19.20%5.60%24.80%0.80%67.20%24.80%42.40%19.20%10.40%29.60%3.20%71.20%33.60%37.60%17.60%10.40%28.00%0.80%91.11%49.63%41.48%6.67%1.48%8.15%0.74%97.78%50.37%47.41%1.48%0.74%2.22%0.00%96.30%54.07%42.22%3.70%0.00%3.70%0.00%95.56%57.04%38.52%3.70%0.74%4.44%0.00%74.80%39.37%35.43%17.32%6.30%23.62%1.57%74.02%41.73%32.28%22.05%1.57%23.62%2.36%71.65%36.22%35.43%22.05%5.51%27.56%0.79%77.95%32.28%45.67%18.11%1.57%19.69%2.36%50.00%14.29%35.71%25.40%9.52%34.92%15.08%57.94%17.46%40.48%25.40%9.52%34.92%7.14%52.38%16.67%35.71%23.81%18.25%42.06%5.56%60.32%27.78%32.54%17.46%13.49%30.95%8.73%48.82%20.47%28.35%29.13%14.96%44.09%7.09%58.27%24.41%33.86%21.26%16.54%37.80%3.94%53.54%21.26%32.28%28.35%9.45%37.80%8.66%59.84%24.41%35.43%22.83%11.81%34.65%5.51%軟件供應(yīng)鏈管理/監(jiān)控2023年DevSecOps現(xiàn)狀調(diào)查10.40%34.40%33.60%20.00%1.60%0.00%12.70%26.19%36.51%21.43%3.17%0.00%4.80%16.00%40.00%28.00%11.20%0.00%11.02%29.13%35.43%14.96%9.45%0.00%2.22%9.63%21.48%48.89%17.78%0.00%12.70%26.98%36.51%10.40%34.40%33.60%20.00%1.60%0.00%12.70%26.19%36.51%21.43%3.17%0.00%4.80%16.00%40.00%28.00%11.20%0.00%11.02%29.13%35.43%14.96%9.45%0.00%2.22%9.63%21.48%48.89%17.78%0.00%12.70%26.98%36.51%19.05%4.76%0.00%8.54%24.14%34.25%24.53%8.54%11.02%28.35%33.07%22.05%5.51%0.00%7.07%17.17%20.41%16.98%11.09%7.16%7.46%6.38%4.42%1.67%0.00%3.17%11.11%20.63%16.67%12.70%7.94%3.97%7.14%10.32%6.35%0.00%0.00%3.70%37.04%27.41%17.78%5.19%5.19%2.22%1.48%0.00%0.00%0.00%0.00%4.72%11.81%14.96%18.11%18.11%12.60%11.02%3.15%4.72%0.79%0.00%0.00%2.40%11.20%14.40%19.20%14.40%5.60%18.40%7.20%6.40%0.80%0.00%0.00%11.11%17.46%17.46%17.46%9.52%9.52%5.56%8.73%2.38%0.79%0.00%0.00%3.94%15.75%18.90%16.54%11.02%6.30%7.87%7.87%7.87%2.36%0.00%1.57%19.20%15.20%28.00%14.40%5.60%5.60%3.20%5.60%1.60%1.60%0.00%0.00%每周4-6天每周2-3天每2-3周一次每3-5個(gè)月一次每6-11個(gè)月一次Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查Q7.您認(rèn)為貴組織當(dāng)前的軟件安全項(xiàng)目/計(jì)劃的成熟度屬于哪一級(jí)3.91%3.91%23.44%38.28%20.31%14.06%0.00%0.00%0.00%8.59%8.59%16.41%21.09%15.63%12.50%4.69%7.81%10.16%2.34%0.78%0.00%0.00%0.20%0.00%2023年DevSecOps現(xiàn)狀調(diào)查47.20%45.60%29.60%33.60%0.00%0.00%51.59%47.62%45.24%44.44%0.00%0.00%50.39%43.31%42.52%46.46%0.79%0.00%68.89%63.70%68.15%58.52%0.00%0.00%44.80%40.00%39.20%37.60%0.80%0.00%40.48%34.92%35.71%47.20%45.60%29.60%33.60%0.00%0.00%51.59%47.62%45.24%44.44%0.00%0.00%50.39%43.31%42.52%46.46%0.79%0.00%68.89%63.70%68.15%58.52%0.00%0.00%44.80%40.00%39.20%37.60%0.80%0.00%40.48%34.92%35.71%39.68%0.00%0.00%50.40%37.60%40.00%36.00%0.00%0.00%52.61%44.15%43.66%43.07%0.20%0.00%不知道/不確定80.80%24.80%56.00%18.40%0.80%19.20%89.68%54.76%34.92%7.94%2.38%10.32%80.00%33.60%46.40%17.60%2.40%20.00%79.26%60.74%18.52%20.00%0.74%20.74%92.91%33.86%59.06%7.09%0.00%7.09%66.67%31.75%34.92%28.57%4.76%33.33%72.44%24.41%48.03%25.20%2.36%27.56%81.06%38.37%42.69%17.17%1.77%18.94%有影響(凈占比)Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查65.63%65.63%39.06%46.88%46.88%0.00%0.00%0.00%86.72%86.72%41.41%45.31%12.50%0.78%13.28%沒影響(凈占比)13.28%2023年DevSecOps現(xiàn)狀調(diào)查46.40%44.00%34.40%32.00%31.20%0.00%0.00%38.89%42.86%38.89%30.95%38.10%0.79%0.00%41.73%44.88%33.86%39.37%28.35%0.00%0.00%67.41%63.70%51.11%48.15%32.59%0.00%0.00%36.80%33.60%32.80%28.80%28.00%0.00%46.40%44.00%34.40%32.00%31.20%0.00%0.00%38.89%42.86%38.89%30.95%38.10%0.79%0.00%41.73%44.88%33.86%39.37%28.35%0.00%0.00%67.41%63.70%51.11%48.15%32.59%0.00%0.00%36.80%33.60%32.80%28.80%28.00%0.00%0.00%46.03%42.86%30.95%27.78%28.57%0.00%0.00%39.37%34.65%41.73%31.50%29.92%0.00%0.00%46.03%45.14%37.59%35.53%32.88%0.10%0.00%跨職能的DevSecOps團(tuán)隊(duì)3.20%10.40%28.00%26.40%14.40%8.80%8.00%0.00%0.80%0.00%14.29%23.02%32.54%11.90%11.11%4.76%0.00%2.38%4.61%26.40%28.26%19.92%8.44%5.50%4.71%0.00%2.16%5.51%25.98%26.77%21.26%11.81%4.72%1.57%0.00%2.36%6.67%57.04%29.63%4.44%1.48%0.74%0.00%0.00%0.00%2.38%23.81%30.95%17.46%10.32%6.35%3.17%0.00%5.56%0.00%14.96%33.86%22.83%9.45%3.94%9.45%0.00%5.51%11.20%40.80%24.80%16.00%3.20%3.20%0.80%0.00%0.00%2-3周3周-1個(gè)月2-4個(gè)月4-6個(gè)月Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查50.00%50.00%53.13%35.94%44.53%46.09%0.00%0.00%Q12.貴組織平均需要多長(zhǎng)時(shí)間才能修補(bǔ)/處理已部署的或正在使用的應(yīng)用程序中的重大安全風(fēng)險(xiǎn)/漏洞7.81%7.81%21.88%28.91%19.53%5.47%5.47%10.16%0.00%0.78%2023年DevSecOps現(xiàn)狀調(diào)查26.40%30.40%25.60%24.80%26.40%25.60%23.20%25.60%17.60%0.80%0.00%24.60%29.37%23.02%34.13%19.84%27.78%26.98%22.22%23.81%0.00%0.00%28.80%24.00%28.00%24.00%28.80%21.60%17.60%25.60%16.00%0.00%0.00%40.00%26.40%30.40%25.60%24.80%26.40%25.60%23.20%25.60%17.60%0.80%0.00%24.60%29.37%23.02%34.13%19.84%27.78%26.98%22.22%23.81%0.00%0.00%28.80%24.00%28.00%24.00%28.80%21.60%17.60%25.60%16.00%0.00%0.00%40.00%30.37%31.11%32.59%27.41%25.93%24.44%15.56%28.15%0.00%0.00%27.56%24.41%24.41%21.26%26.77%25.20%22.83%21.26%30.71%1.57%0.00%23.02%20.63%33.33%23.81%27.78%23.02%15.08%14.29%21.43%6.35%0.00%27.56%33.07%24.41%27.56%25.98%22.05%30.71%29.13%22.83%0.00%0.00%28.95%28.26%27.58%27.38%26.50%24.44%23.75%22.77%22.28%1.08%0.00%我們沒有用來評(píng)估DevSecOps活動(dòng)成功與否的主要KPI35.20%32.80%28.00%32.80%21.60%22.40%29.60%0.00%0.00%35.71%31.75%29.37%27.78%23.02%29.37%30.95%0.79%0.00%27.20%28.80%28.80%27.20%32.80%24.80%26.40%1.60%0.00%32.59%46.67%36.30%43.70%22.96%29.63%28.89%1.48%0.00%31.50%23.62%35.43%29.13%37.01%28.35%31.50%2.36%0.00%32.54%30.95%26.98%26.19%28.57%23.81%29.37%2.38%0.00%33.07%25.98%27.56%25.20%30.71%31.50%24.41%4.72%0.00%33.86%31.40%31.31%30.42%29.44%29.05%28.95%2.06%0.00%開發(fā)人員/工程師的安全培訓(xùn)不足/無效應(yīng)用安全人員/技能短缺開發(fā)/運(yùn)維工作缺乏透明性安全計(jì)劃和工具的預(yù)算/資金不足Synopsys《2023年DevSecOps現(xiàn)2023年DevSecOps現(xiàn)狀調(diào)查Q13.您用來評(píng)估DevSecOps活32.81%32.81%33.59%30.47%30.47%28.91%24.22%28.91%28.91%17.19%0.00%0.00%Q14.貴組織中實(shí)施DevSecOps的挑戰(zhàn)/障42.97%42.97%29.69%37.50%30.47%39.06%42.19%30.47%3.13%0.00%2023年DevSecOps現(xiàn)狀調(diào)查工具因速度太慢而無法適應(yīng)快速發(fā)布周期/持續(xù)部署不準(zhǔn)確/不可靠無法整合/關(guān)聯(lián)來自不同工具的結(jié)果34.74%34.15%33.46%33.07%32.19%28.95%3.14%0.00%29.60%40.00%34.40%28.00%27.20%26.40%工具因速度太慢而無法適應(yīng)快速發(fā)布周期/持續(xù)部署不準(zhǔn)確/不可靠無法整合/關(guān)聯(lián)來自不同工具的結(jié)果34.74%34.15%33.46%33.07%32.19%28.95%3.14%0.00%29.60%40.00%34.40%28.00%27.20%26.40%21.60%0.00%0.00%26.98%38.89%34.13%33.33%27.78%28.57%26.98%0.79%0.00%40.74%28.15%32.59%32.59%40.74%35.56%33.33%0.74%0.00%39.20%32.80%27.20%32.00%31.20%21.60%20.80%0.80%0.00%26.77%28.35%31.50%36.22%23.62%37.01%35.43%0.00%0.00%30.95%31.75%22.22%30.95%25.40%19.84%27.78%1.59%0.00%36.22%22.05%34.65%28.35%32.28%29.92%25.20%2.36%0.00%33.56%32.58%32.48%32.29%30.03%28.95%27.58%0.79%0.00%通過基礎(chǔ)架構(gòu)即代碼來執(zhí)行安全/合規(guī)策略將自動(dòng)安全測(cè)試集