Report: Only 10% of organizations had a higher budget for cybersecurity, despite the growing threat landscape


Couldn’t attend Transform 2022? Discover all the summit sessions now in our on-demand library! Look here.

GitLab Inc.’s Sixth Annual Global DevSecOps Survey found that cybersecurity is the top priority and area of ​​investment for devops teams this year, but most organizations aren’t actually investing more money in their security programs. . Only 10% of respondents say they have received an additional budget for security, which is surprising after a year of rising cyber threats.

Image source: GitLab.

Another source of tension is that developers and security professionals remain at odds over security ownership and identification of vulnerabilities. Half of security professionals report that developers fail to identify cybersecurity issues, attributing 75% of vulnerabilities to developers.

Meanwhile, 70% of teams release code continuously, once a day or every few days, and the seemingly conflicting goals of delivery speed and security exacerbate the challenges security and development teams face when they collaborate.

As such, it’s no surprise that cybersecurity is now the number one area of ​​investment – even on cloud computing. But for developers to focus on identifying security issues, they need the right tools. And according to the survey, the current sprawl of the toolchain is not helping.


MetaBeat 2022

MetaBeat will bring together thought leaders to advise on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, California.

register here

Currently, 40% of developers spend between a quarter and half of their time maintaining or integrating complex toolchains, which is more than double the percentage in 2021. This significant increase in just one year is notable, indicating a growing problem for developers. .

Consolidating the toolchain dramatically reduces the time developers have to spend maintaining their tools, which means they can spend more time identifying security issues and improving performance. transparency with their security teams. Likewise, having fewer tools protects against supply chain risks and means fewer vendor risk assessments, threat models and potentially vulnerable third-party libraries and components, as well as a reduced landscape of penetration tests and security scans.

A single platform makes it easier for developers and security professionals to move left while providing the investment in security needed to protect against the ever-changing threat landscape.


The survey, conducted in May 2022, was made up of 5,001 respondents, including developers, operations and cybersecurity practitioners, and leaders of organizations around the world. The margin of error for the total sample (n=5001) is 1.4%.

Read the full GitLab report.

VentureBeat’s mission is to be a digital public square for technical decision makers to learn about transformative enterprise technology and conduct transactions. Discover our Briefings.


Comments are closed.