DEVSECOPS PRACTICES AND OPEN SOURCE MANAGEMENT IN 2020

A SURVEY OF 1,500 IT PROFESSIONALS

TABLE OF CONTENTS

Introduction
Section 1: Survey Highlights
    DevOps and the secure SDLC
    DevSecOps tools
    Open source selection and governance
    Open source security and patching
    Open source project sustainability
    Conclusion: Developing security in depth for the SDLC
Section 2: Full Survey Results
    Respondent demographics
    Questions

DEVSECOPS PRACTICES AND OPEN SOURCE MANAGEMENT IN 2020 | synopsys.com | 1

INTRODUCTION

In August 2020, the Synopsys Cybersecurity Research Center (CyRC) and Censuswide, an international market research consultancy, conducted a survey of 1,500 IT professionals with DevSecOps as part of their role and who work in cyber security, software development, software engineering, and web development. The group was recruited to take part in an online survey focused on DevSecOps practices and open source use. Participants came from the United States, the United Kingdom, Finland, Germany, China, Singapore, and Japan, with at least 50 respondents from each country.

The survey is part of CyRC’s ongoing research into cyber security practices and is intended as a complement to Synopsys’ annual Open Source Security and Risk Analysis (OSSRA) report.

This survey reports on the tools organizations in the business of building software are employing to integrate open source management into their DevOps practice.

As the 2020 OSSRA report¹ details, almost 100% of the 1,200+ audited codebases in that report contained open source components or libraries, with open source making up 70% of the codebases themselves.

Gartner’s report, “Market Guide for Software Composition Analysis,”² relates that due to the prevalence of open source in modern software development, corporate interest in software composition analysis (SCA) tools used to manage open source is growing rapidly, with inquiries to the analyst firm on the topic increasing nearly 40% from 2019 to 2020.

While the OSSRA report provides an in-depth snapshot of the current state of open source security, compliance, and code quality risk, this survey reports on the tools organizations in the business of building software are employing to integrate open source management into their

This document was uploaded and shared by 路人甲 on 2022-06-17 03:20:28.