pdf

Extending devsecops security controls cloud survey 39910.pdf
Extending Devsecops Security Controls Cloud Survey 39910

SANS survey on integrating security controls into DevOps pipelines and cloud environments.

This page contains AI generated content. Errors or omissions may be present. Use human level critical thinking.
  • Q: What is the top challenge in implementing DevSecOps?
    A: Insufficient budget/funding (44.4%).
  • Q: What percentage of organizations use cloud-hosted virtual machines?
    A: Nearly 36% for production workloads.
  • Q: What is the 'Paved Road' concept?
    A: Providing developers with secure-by-default templates, tools, and services to make the secure path the easiest path.
  • Q: What are the top three riskiest programming languages identified?
    A: JavaScript (58.5%), Java (50.7%), and .NET (33.8%).
  • Q: What percentage of organizations perform security testing during the 'Requirements/Use Case' phase?
    A: 39.5%.
  • Q: What is 'Configuration Security Monitoring' (CSM)?
    A: Tools that automatically verify configuration settings and enforce hardening policies to prevent drift.
  • Q: What percentage of organizations repair critical vulnerabilities in less than 24 hours?
    A: Only 8.2%.
  • Q: What is the most common Continuous Integration (CI) tool?
    A: On-premises open source tools like Jenkins (56.3%).
  • Q: What percentage of organizations have fully automated security metrics?
    A: Only 5%.
  • Q: What is 'Shift Left'?
    A: Moving security testing and reviews earlier in the development lifecycle (e.g., during design/coding).
  • Q: What is 'Shift Right'?
    A: Focusing on operational security, monitoring, and incident response in the production environment.
  • Q: What percentage of respondents use AWS?
    A: 85%.
  • Q: What percentage of respondents use Microsoft Azure?
    A: 84%.
  • Q: What is the 'Escape Rate'?
    A: The number of security issues discovered after deployment to production.

Ask a question

Have a doubt or need clarification?



I’m here to help. Share your question, and I’ll get back to you with the guidance you need regarding the course.

Thank you!

I have received your message and I shall get back to you shortly.