A GitLab survey identified security and operational efficiency as top priorities. AI is used to solve both of these problems.

Above all, GitLab wants to use the study to show the importance of DevSecOps, an approach that brings development, security and operations teams closer together. The underlying idea is that vulnerabilities are detected as early as possible in the development process while the code is being written. A colorful mix of 5,000 respondents took part in the study, which was conducted in March.

56 percent of companies state that they use a DevSecOps strategy, in 2022 it was 47 percent. Three out of four security professionals also state that they want to work more closely with software developers in the coming years. As a result, developers also play a more important role in cybersecurity. Security experts confirm that more than a quarter of vulnerabilities in software code are discovered by developers.

Obstacles to DevSecOps

Nevertheless, not everything runs smoothly. While security and development teams seem to see the value of working together, the study finds that both departments often point fingers at each other over who bears responsibility. One of the biggest frustrations is that security testing is done too late in the development process.

Too many tools is also perceived as an obstacle to the timely detection of vulnerabilities. On average, a security professional has six to ten tools to accomplish their job, with developers and operations teams limited to a maximum of five. Managing all of these tools is a time-consuming task for employees, at the expense of the quality of security.

AI as a panacea?

Operational efficiency and security are high on the list of priorities for all respondents. In the increasingly complex IT landscape, DevSecOps teams are looking for new technologies to achieve these goals. AI grows out of you good to have to a need to have: Only 5 percent of respondents say they do not use any AI or ML technology in the verification process.

Artificial intelligence is mainly used to check code. 62 percent of those surveyed have AI code checked for errors, and 36 percent even look at it with a human eye. 53 percent also use AI for code testing.

The use of artificial aids is not without risk. Companies like Amazon and Samsung have already restricted the use of ChatGPT because developers provided internal source codes for review. Also, the output of AI-generated code cannot always be trusted. AI can certainly help with development, but it remains important that human judgment is always made.