2023年全球DevSecOps现状调查

SYIOpsSYIOps/S2023年2023年DevSecOps现状调查34%33%34%33%关于Synopsys《2023年关于DevOps和DevSecOpsASOC/ASPM在DevSecOps中的应用日益Synopsys《2023年DevSecOps现2023年DevSecOps现状调查关于Synopsys《2023年DevSecOps现状2023年初，Synopsys网络安全研究中心(CyRC)联合国关于DevOps和DevSecOpsDevSecOps在涉及软件开发的各个组织中35%35%应快速的发布周期应快速的发布周期/持33%33%不准确/不准确/不可靠2023年DevSecOps现状调查2023年DevSecOps现状调查关于Synopsys《2023年关于DevOps和DevSecOpsASOC/ASPM在DevSecOps中的应用日益Synopsys《2023年DevSecOps现2023年DevSecOps现状调查2023年DevSecOps现状调查2023年2023年DevSecOps现状调查关于Synopsys《2023年关于DevOps和DevSecOpsASOC/ASPM在DevSecOps中的应用日益Synopsys《2023年DevSecOps现2023年DevSecOps现状调查ASOC/ASPM在DevSecOps中的应用日本报告对处于DevSecOps不同成熟阶段的组织进行了考鉴于这1,000名受访者中的大多数人都对其正在使用的28%28%2023年DevSecOps现状调查2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查Synopsys《2023年DevSecOps现状大多数DevOps团队都在某种程度上采用了DevSecOps用DevSecOps方法论现已成为软件开发的一部分。29%的受访者表示，他们拥有跨职能部门有效实施DevSecOps存在许多障碍(31%)以及优先事项的不断变化(30%)。建/部署工作流中是安全计划取得成功的关键重大漏洞/安全问题以某种形式影响了他们的工作进度。访者认为自动AST“非常有用”几乎所有的受访者都认为AST工具与其业务需求数据来帮助解决问题(29%)。52%的安全专业人员已经开始在DevSecOps活动2023年DevSecOps现状调查2023Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性2023年DevSecOps现状调查DevSecOps部署DevOps的既定组成部分。8.5%24.1%34.3%24.5%8.5%有效DevSecOps面临的挑战2023年DevSecOps现状调查2023年DevSecOps现状调查2023年DevSecOps现状调查2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战到自动测试(28%)。35.1%29.9%29.6%29.3%29.1%28.6%28.5%28.4%28.2%27.9%27.6%2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战计划，可以借助BSIMM或软件保障成熟度模型(SoftwareAssuranceMaturityModel,SAMM)评估所获得的信息，为(SecurityChampions)计划。33%33%图C通过BSIMM和SAMM等模型对软件安全性进行正式评估的有效性.33.6%35.8%有用(33.6%35.8%69.4%18.1%8.4%没用(18.1%8.4%26.5%2023年DevSecOps现状调查2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战46.0%45.1%37.6%46.0%45.1%37.6%35.5%32.9%开发人员/软件工程师质量保证/测试团队DevSecOps团队还是其他方式质量保证/测试团队跨职能领域的DevSecOps团队跨职能领域的DevSecOps团队2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战果开展测试DAST就需要开发者和安全专家对测试结果进不知道/不确定52.6%44.2%43.7%43.0%0.2%Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战本次调查要求受访者选择评估其DevSecOps计划成功与访者提到了这一点(28%)。29.0%28.3%27.6%27.4%27.0%24.4%23.8%22.8%22.3%我们没有用来评估DevSecOps活动成功与否的主要KPI1.1%2023年DevSecOps现状调查3.8%2023年DevSecOps现状调查3.8%2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战(IAST)、静态应用安全测试(SAST)和软件组成分析(SCA)工DAST(67%)。其AST工具箱中开展某种形式的SCA二进制分析。针对安全漏洞和其他缺陷的自动代码扫描(SAST)动态应用安全测试(DAST)有用(净占比)71.5%没用(净占比)有用(净占比)71.5%没用(净占比)29.2%有用(净占比)67.1%3.4%3.6%25.0%交互式应用安全测试(IAST)开源/第三方依赖性分析交互式应用安全测试(IAST)有用(净占比)67.6%没用(净占比)28.1%4.3%有用(净占比)68.5%没用(净占比)27.7%20232023年DevSecOps现状调查0.2%20230.2%2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战每周4-6天每周2-3天每2-3周一次每3-5个月一次每6-11个月一次7.1%17.2%20.4%17.0%11.1%每周4-6天每周2-3天每2-3周一次每3-5个月一次每6-11个月一次0%图I贵组织平均需要多长时间才能修补/处理已2-3周3周-1个月2-3周3周-1个月2-4个月4-6个月26.4%28.3%19.9%8.4%5.5%4.7%0%2.2%2023年DevSecOps现状调查2023年DevSecOps现状调查2023年DevSecOps现状调查图J在过去的一年（2022-2023年图J在过去的一年（2022-2023年解决一个重大安全/漏洞问题对贵组织的软件交付计划产生了多Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战42.7%38.4%有影响42.7%38.4%有影响(净占比)81.1%没影响(净占比)18.9%1.8%没影响(净占比)18.9%1.8%17.2%2023年DevSecOps现状调查20232023年DevSecOps现状调查2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战有效DevSecOps面临的挑战coaches)、敏捷项目管理人员(scrummasters)和DevOps开发人员/工程师的安全培训不足/无效应用安全人员/技能短缺开发/运维工作缺乏透明性安全计划和工具的预算/资金不足33.9%31.4%31.3%30.4%29.4%29.1%29.0%2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战AST工具碎片化和修复速度缓慢正是应用安全编排与关联(ASOC)和应用安全态势管理(ASPM)旨在解决的问复工作进行优先级排序34.7%工具因速度太慢而无法适应快速发布周期/持续部署___034.1%性价比低33.5%不准确/不可靠33.1%误报率高32.2%无法整合/关联来自不同工具的结果—029.0%没有重大问题3.1%Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性图N您预计使用AI工具将对贵组织的DevSecOps 036.5%-011.0%否(净占比)47.5%53.7%53.7% 052.0% 048.4%0.9%有效DevSecOps面临的挑战2023年DevSecOps现状调查2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查DevSecOps部署跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战且训练Copilot服务所使用的开源代码也侵犯了45.1%44.2%42.0%41.6%2023年DevSecOps现状调查Synopsys《2023年DevSecOps现I2023年DevSecOps现状调查DevSecOps部署担心(净占比)76.6%中立/没感觉16.2%51.3%25.4%担心(净占比)76.6%中立/没感觉16.2%51.3%25.4%1.2%6.0%跨职能团队对DevSecOps取得成功的重要性有效DevSecOps面临的挑战7.2%议创建的恶意软件包已经存在于PyPI和npm等流行的软2023年DevSecOps现状调查2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查经验教训虽然大多数组织在很大程度上采用了某些DevSecOps实受的是AST工具无法根据业务需求对漏洞修补进行优先级开发和运维团队希望AppSec能够帮助他们集中查看所有2023年的调查结果中得到了印证—28%的受访者已经开些都是我们DevSecOps调查受访者的特征。DevSecOps团队并使用多种应用安全测试工具的组织来SoftwareSoftwareRiskManager：兑现ASPM的承诺•简化AppSec管理•全面了解AppSec风险•规范AppSec工作流立即联系Synopsys，安排观看SoftwareRiskManager的2023年DevSecOps现状调查2023年2023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查受访者特征18%6%6%6%银行/金融15%5%电信/ISP13%应用/软件开发4%7%4%7%4%2%0.5%3%3%2%0.5%3%3%3%非盈利机构/协会事故和安全经理信息保障总监软件安全工程经理运维工程师AppSec产品安全人员程序员QA/测试人员/测试经理发布工程师/经理安全管理员/安全分析师安全架构师安全总监安全工程经理产品安全高级总监产品安全和技2023年DevSecOps现状调查19%501–1,00012%19%501–1,00012%2,001–5,0002%不到10019%1,001–2,00015%100–5002023年DevSecOps现状调查Synopsys《2023年DevSecOps现2023年DevSecOps现状调查受访者特征受访者的国家/数量中国:135美国:128芬兰:127英国:127德国:126法国:125新加坡:1251%超过100,0004%50,001–100,000该组织创建/管理的软件/应用工程/科学软件7%15,001–50,0008%10,001–15,00046%44%42%38%37%35%31%13%5,001–10,00035%30%30%30%29%29%28%28%28%28%28%12.00%18.40%5.60%8.80%8.80%9.60%4.00%3.20%4.00%3.20%4.80%4.00%3.20%3.20%2.40%4.00%0.80%9.52%10.32%12.00%18.40%5.60%8.80%8.80%9.60%4.00%3.20%4.00%3.20%4.80%4.00%3.20%3.20%2.40%4.00%0.80%9.52%10.32%1.59%9.52%11.11%3.97%11.11%7.14%3.17%5.56%5.56%4.76%4.76%6.35%3.17%2.38%0.00%12.60%14.96%14.17%5.51%10.24%6.30%4.72%8.66%3.94%3.94%3.94%3.15%3.15%1.57%1.57%0.79%0.79%18.45%14.52%12.66%7.26%6.87%5.59%5.50%5.10%4.12%4.02%3.63%3.14%2.85%2.55%1.67%1.57%0.49%14.40%20.00%20.00%4.00%4.80%7.20%5.60%6.40%4.00%4.00%0.80%2.40%1.60%3.20%0.80%0.00%0.80%9.52%15.08%20.63%9.52%4.76%6.35%7.14%4.76%3.17%3.17%7.94%1.59%1.59%1.59%0.79%1.59%0.79%10.24%17.32%4.72%3.94%6.30%6.30%7.09%5.51%6.30%7.09%3.15%5.51%5.51%3.94%3.94%2.36%0.79%42.96%7.41%26.67%13.33%2.22%0.00%0.74%2.22%1.48%0.00%0.74%0.74%0.00%0.74%0.00%0.74%0.00%应用/软件开发银行/金融电信/ISP非盈利机构/协会Synopsys《2023年DevSecOps现2023年DevSecOps现状调查34.38%34.38%13.28%7.03%3.13%7.03%5.47%3.91%3.13%7.03%5.47%2.34%3.13%3.13%0.00%0.78%0.78%0.00%2023年DevSecOps现状调查2023年DevSecOps2023年DevSecOps现状调查1.60%6.40%16.00%16.00%8.80%17.60%16.80%10.40%6.40%0.00%1.57%15.11%19.04%18.65%12.37%13.05%8.44%6.67%4.42%0.69%2.40%20.80%23.20%15.20%16.00%7.20%3.20%4.00%4.00%4.00%0.00%12.60%14.96%19.69%18.11%15.75%1.60%6.40%16.00%16.00%8.80%17.60%16.80%10.40%6.40%0.00%1.57%15.11%19.04%18.65%12.37%13.05%8.44%6.67%4.42%0.69%2.40%20.80%23.20%15.20%16.00%7.20%3.20%4.00%4.00%4.00%0.00%12.60%14.96%19.69%18.11%15.75%8.66%6.30%3.15%0.79%3.70%14.81%8.89%37.78%5.93%20.00%2.96%0.74%5.19%0.00%3.17%19.84%30.16%10.32%9.52%7.14%11.11%6.35%2.38%0.00%1.57%11.02%14.96%15.75%22.83%18.11%10.24%3.94%1.57%0.00%0.00%19.05%21.43%15.87%7.14%6.35%5.56%17.46%7.14%0.00%100–500501–1,0001,001–2,0002,001–5,0005,001–10,00010,001–15,00015,001–50,00050,001–100,00036.80%39.20%39.20%30.40%35.20%30.40%29.60%0.00%34.13%34.92%37.30%30.16%33.33%38.89%30.16%0.00%70.37%67.41%68.89%65.19%57.04%57.04%42.22%0.00%48.00%40.00%40.80%28.80%32.00%27.20%20.80%0.00%37.01%30.71%44.09%39.37%32.28%31.50%29.92%0.00%37.30%41.27%28.57%33.33%29.37%30.16%30.16%0.79%40.94%42.52%27.56%29.13%30.71%25.20%29.13%0.79%46.03%44.06%41.71%38.27%36.60%35.23%30.91%0.20%工程/科学软件Synopsys《2023年DevSecOps现2023年DevSecOps现状调查0.00%0.00%16.41%23.44%17.19%10.94%11.72%9.38%4.69%5.47%0.78%0.78%61.72%61.72%54.69%45.31%47.66%41.41%39.84%34.38%0.00%0.00%2023年DevSecOps现状调查32.80%25.60%30.40%27.20%20.80%24.80%17.60%28.00%28.00%20.00%25.60%0.00%19.84%22.22%23.02%19.84%28.57%23.81%32.80%25.60%30.40%27.20%20.80%24.80%17.60%28.00%28.00%20.00%25.60%0.00%19.84%22.22%23.02%19.84%28.57%23.81%23.02%18.25%19.84%15.08%22.22%0.00%33.60%29.60%24.80%31.20%21.60%32.80%24.80%20.00%24.80%28.00%22.40%0.00%56.30%44.44%49.63%41.48%41.48%48.15%48.15%51.85%47.41%48.15%48.15%0.00%32.28%32.28%23.62%28.35%29.13%28.35%30.71%19.69%25.98%24.41%20.47%0.79%28.57%24.60%33.33%23.02%26.98%21.43%27.78%18.25%23.81%32.54%15.08%0.00%35.43%25.20%19.69%22.83%27.56%18.90%22.05%29.13%23.62%19.69%23.62%0.00%35.13%29.93%29.64%29.34%29.05%28.56%28.46%28.36%28.16%27.87%27.58%Synopsys《2023年DevSecOps现2023年DevSecOps现状调查40.63%40.63%34.38%31.25%39.84%35.16%28.91%32.03%39.84%30.47%33.59%41.41%0.00%0.10%0.00%2023年DevSecOps现状调查69.38%33.56%35.82%18.06%8.44%26.50%4.12%试(SAST)69.38%33.56%35.82%18.06%8.44%26.50%4.12%试(SAST)71.54%34.35%37.19%17.37%7.65%25.02%3.43%76.56%46.09%30.47%10.94%8.59%19.53%3.91%65.87%27.78%38.10%17.46%11.90%29.37%4.76%76.00%33.60%42.40%16.80%5.60%22.40%1.60%78.74%38.58%40.16%18.11%2.36%20.47%0.79%62.70%22.22%40.48%19.05%7.14%26.19%11.11%62.20%29.13%33.07%22.05%13.39%35.43%2.36%97.04%54.07%42.96%2.96%0.00%2.96%0.00%55.20%17.60%37.60%26.40%14.40%40.80%97.04%54.07%42.96%2.96%0.00%2.96%0.00%55.20%17.60%37.60%26.40%14.40%40.80%4.00%71.25%32.09%39.16%16.78%7.56%24.34%4.42%78.91%46.88%32.03%12.50%3.13%15.63%5.47%62.70%24.60%38.10%20.63%11.90%32.54%4.76%73.60%32.00%41.60%16.80%8.00%24.80%1.60%81.10%35.43%45.67%13.39%3.15%16.54%2.36%52.38%19.05%33.33%26.98%9.52%36.51%11.11%66.93%25.20%41.73%15.75%11.02%26.77%6.30%2023年DevSecOps通过BSIMM和SAMM等模型对软件安全性进行正式评估55.91%24.41%31.50%25.20%11.81%37.01%7.09%94.81%57.04%37.78%3.70%0.74%4.44%0.74%67.20%28.80%38.40%16.80%10.40%27.20%5.60%79.69%47.66%32.03%79.69%47.66%32.03%10.94%7.03%17.97%2.34%57.94%26.98%30.95%23.02%16.67%39.68%2.38%71.20%25.60%45.60%17.60%8.80%26.40%2.40%70.87%30.71%40.16%25.20%2.36%27.56%1.57%55.56%25.40%30.16%23.02%10.32%33.33%11.11%94.07%54.07%40.00%5.93%0.00%5.93%0.00%54.40%21.60%32.80%29.60%12.80%42.40%3.20%2023年DevSecOps现状调查开源/第三方依赖性分析(SCA)67.62%30.32%37.29%19.73%8.34%28.07%4.32%75.00%33.59%41.41%16.41%5.47%开源/第三方依赖性分析(SCA)67.62%30.32%37.29%19.73%8.34%28.07%4.32%75.00%33.59%41.41%16.41%5.47%21.88%3.13%61.11%23.81%37.30%22.22%11.90%34.13%4.76%73.60%32.00%41.60%18.40%6.40%24.80%1.60%74.80%30.71%44.09%22.05%1.57%23.62%1.57%55.56%17.46%38.10%21.43%15.08%36.51%7.94%50.39%22.05%28.35%25.98%14.17%40.16%9.45%62.32%25.02%37.29%19.73%9.52%29.24%8.44%75.00%35.94%39.06%12.50%4.69%17.19%7.81%53.97%27.78%26.19%23.02%18.25%41.27%4.76%58.40%17.60%40.80%22.40%4.80%27.20%14.40%68.50%23.62%44.88%18.90%9.45%28.35%3.15%46.83%12.70%34.13%26.98%11.90%38.89%14.29%50.39%19.69%30.71%18.90%14.96%33.86%15.75%Synopsys《2023年DevSecOps现2023年DevSecOps现状调查94.81%60.74%34.07%5.19%0.00%5.19%0.00%53.60%20.00%33.60%27.20%12.80%40.00%6.40%53.54%18.11%35.43%29.13%10.24%39.37%7.09%72.00%35.20%36.80%16.80%7.20%24.00%4.00%96.30%48.89%47.41%3.70%0.00%3.70%0.00%54.40%17.60%36.80%24.80%15.20%40.00%5.60%56.35%23.02%33.33%56.35%23.02%33.33%20.63%17.46%38.10%5.56%80.31%43.31%37.01%16.54%3.15%19.69%0.00%71.88%71.88%37.50%34.38%19.53%7.03%26.56%1.56%67.91%67.91%30.23%37.68%19.33%8.64%27.97%4.12%56.35%16.67%39.68%24.60%9.52%34.13%9.52%88.15%42.96%45.19%10.37%0.74%11.11%0.74%55.20%18.40%36.80%25.60%12.00%37.60%7.20%2023年DevSecOps现状调查68.50%31.11%37.39%18.06%9.62%27.67%3.83%68.50%31.11%37.39%18.06%9.62%27.67%3.83%68.99%33.17%35.82%18.25%8.73%26.99%4.02%78.13%39.84%38.28%14.84%6.25%21.09%0.78%55.56%21.43%34.13%23.02%14.29%37.30%7.14%66.40%32.00%34.40%20.00%10.40%30.40%3.20%78.74%36.22%42.52%15.75%3.94%19.69%1.57%58.73%26.19%32.54%19.05%11.90%30.95%10.32%62.99%33.86%29.13%19.69%11.02%30.71%6.30%91.11%46.67%44.44%7.41%0.74%8.15%0.74%49.60%20.00%29.60%28.80%18.40%47.20%91.11%46.67%44.44%7.41%0.74%8.15%0.74%49.60%20.00%29.60%28.80%18.40%47.20%3.20%67.12%29.44%37.68%19.63%9.62%29.24%3.63%74.22%38.28%35.94%16.41%6.25%22.66%3.13%62.70%27.78%34.92%20.63%12.70%33.33%3.97%76.80%36.80%40.00%16.80%5.60%22.40%0.80%74.80%29.92%44.88%17.32%6.30%23.62%1.57%57.14%18.25%38.89%18.25%15.08%33.33%9.52%48.82%16.54%32.28%32.28%12.60%44.88%6.30%2023年DevSecOps交互式应用安全测试(IAST)60.63%22.05%38.58%18.11%14.17%32.28%7.09%96.30%54.07%42.22%3.70%0.00%3.70%0.00%53.60%24.00%29.60%24.80%14.40%39.20%7.20%72.66%35.16%37.50%72.66%35.16%37.50%20.31%6.25%26.56%0.78%53.97%18.25%35.71%21.43%18.25%39.68%6.35%75.20%34.40%40.80%15.20%9.60%24.80%0.00%77.17%37.01%40.16%18.11%3.15%21.26%1.57%56.35%22.22%34.13%23.81%11.90%35.71%7.94%97.78%52.59%45.19%2.22%0.00%2.22%0.00%51.20%21.60%29.60%32.80%12.80%45.60%3.20%2023年DevSecOps现状调查Synopsys《2023年DevSecOps现Synopsys《2023年DevSecOps现2023年DevSecOps现状调查66.93%29.93%37.00%18.65%9.42%28.07%5.00%69.77%32.58%37.19%17.86%9.62%27.48%2.75%67.12%29.83%37.29%18.45%9.91%28.36%4.51%69.28%32.29%37.00%18.84%8.34%27.18%3.53%79.69%38.28%41.41%13.28%3.91%17.19%3.13%82.81%47.66%35.16%8.59%7.03%15.63%1.56%82.81%40.63%42.19%7.81%7.03%14.84%2.34%72.66%36.72%35.94%17.19%7.81%25.00%2.34%57.60%21.60%36.00%24.00%12.80%36.80%5.60%53.60%20.00%33.60%27.20%16.00%43.20%3.20%56.80%21.60%35.20%24.00%12.00%36.00%7.20%56.00%19.20%36.80%31.20%11.20%42.40%1.60%57.94%24.60%33.33%19.84%18.25%38.10%3.97%57.14%22.22%34.92%19.05%20.63%39.68%3.17%53.97%21.43%32.54%19.84%17.46%37.30%8.73%58.73%25.40%33.33%23.81%10.32%34.13%7.14%73.60%29.60%44.00%14.40%8.80%23.20%3.20%74.40%35.20%39.20%19.20%5.60%24.80%0.80%67.20%24.80%42.40%19.20%10.40%29.60%3.20%71.20%33.60%37.60%17.60%10.40%28.00%0.80%91.11%49.63%41.48%6.67%1.48%8.15%0.74%97.78%50.37%47.41%1.48%0.74%2.22%0.00%96.30%54.07%42.22%3.70%0.00%3.70%0.00%95.56%57.04%38.52%3.70%0.74%4.44%0.00%74.80%39.37%35.43%17.32%6.30%23.62%1.57%74.02%41.73%32.28%22.05%1.57%23.62%2.36%71.65%36.22%35.43%22.05%5.51%27.56%0.79%77.95%32.28%45.67%18.11%1.57%19.69%2.36%50.00%14.29%35.71%25.40%9.52%34.92%15.08%57.94%17.46%40.48%25.40%9.52%34.92%7.14%52.38%16.67%35.71%23.81%18.25%42.06%5.56%60.32%27.78%32.54%17.46%13.49%30.95%8.73%48.82%20.47%28.35%29.13%14.96%44.09%7.09%58.27%24.41%33.86%21.26%16.54%37.80%3.94%53.54%21.26%32.28%28.35%9.45%37.80%8.66%59.84%24.41%35.43%22.83%11.81%34.65%5.51%软件供应链管理/监控2023年DevSecOps现状调查10.40%34.40%33.60%20.00%1.60%0.00%12.70%26.19%36.51%21.43%3.17%0.00%4.80%16.00%40.00%28.00%11.20%0.00%11.02%29.13%35.43%14.96%9.45%0.00%2.22%9.63%21.48%48.89%17.78%0.00%12.70%26.98%36.51%10.40%34.40%33.60%20.00%1.60%0.00%12.70%26.19%36.51%21.43%3.17%0.00%4.80%16.00%40.00%28.00%11.20%0.00%11.02%29.13%35.43%14.96%9.45%0.00%2.22%9.63%21.48%48.89%17.78%0.00%12.70%26.98%36.51%19.05%4.76%0.00%8.54%24.14%34.25%24.53%8.54%11.02%28.35%33.07%22.05%5.51%0.00%7.07%17.17%20.41%16.98%11.09%7.16%7.46%6.38%4.42%1.67%0.00%3.17%11.11%20.63%16.67%12.70%7.94%3.97%7.14%10.32%6.35%0.00%0.00%3.70%37.04%27.41%17.78%5.19%5.19%2.22%1.48%0.00%0.00%0.00%0.00%4.72%11.81%14.96%18.11%18.11%12.60%11.02%3.15%4.72%0.79%0.00%0.00%2.40%11.20%14.40%19.20%14.40%5.60%18.40%7.20%6.40%0.80%0.00%0.00%11.11%17.46%17.46%17.46%9.52%9.52%5.56%8.73%2.38%0.79%0.00%0.00%3.94%15.75%18.90%16.54%11.02%6.30%7.87%7.87%7.87%2.36%0.00%1.57%19.20%15.20%28.00%14.40%5.60%5.60%3.20%5.60%1.60%1.60%0.00%0.00%每周4-6天每周2-3天每2-3周一次每3-5个月一次每6-11个月一次Synopsys《2023年DevSecOps现2023年DevSecOps现状调查Q7.您认为贵组织当前的软件安全项目/计划的成熟度属于哪一级3.91%3.91%23.44%38.28%20.31%14.06%0.00%0.00%0.00%8.59%8.59%16.41%21.09%15.63%12.50%4.69%7.81%10.16%2.34%0.78%0.00%0.00%0.20%0.00%2023年DevSecOps现状调查47.20%45.60%29.60%33.60%0.00%0.00%51.59%47.62%45.24%44.44%0.00%0.00%50.39%43.31%42.52%46.46%0.79%0.00%68.89%63.70%68.15%58.52%0.00%0.00%44.80%40.00%39.20%37.60%0.80%0.00%40.48%34.92%35.71%47.20%45.60%29.60%33.60%0.00%0.00%51.59%47.62%45.24%44.44%0.00%0.00%50.39%43.31%42.52%46.46%0.79%0.00%68.89%63.70%68.15%58.52%0.00%0.00%44.80%40.00%39.20%37.60%0.80%0.00%40.48%34.92%35.71%39.68%0.00%0.00%50.40%37.60%40.00%36.00%0.00%0.00%52.61%44.15%43.66%43.07%0.20%0.00%不知道/不确定80.80%24.80%56.00%18.40%0.80%19.20%89.68%54.76%34.92%7.94%2.38%10.32%80.00%33.60%46.40%17.60%2.40%20.00%79.26%60.74%18.52%20.00%0.74%20.74%92.91%33.86%59.06%7.09%0.00%7.09%66.67%31.75%34.92%28.57%4.76%33.33%72.44%24.41%48.03%25.20%2.36%27.56%81.06%38.37%42.69%17.17%1.77%18.94%有影响(净占比)Synopsys《2023年DevSecOps现2023年DevSecOps现状调查65.63%65.63%39.06%46.88%46.88%0.00%0.00%0.00%86.72%86.72%41.41%45.31%12.50%0.78%13.28%没影响(净占比)13.28%2023年DevSecOps现状调查46.40%44.00%34.40%32.00%31.20%0.00%0.00%38.89%42.86%38.89%30.95%38.10%0.79%0.00%41.73%44.88%33.86%39.37%28.35%0.00%0.00%67.41%63.70%51.11%48.15%32.59%0.00%0.00%36.80%33.60%32.80%28.80%28.00%0.00%46.40%44.00%34.40%32.00%31.20%0.00%0.00%38.89%42.86%38.89%30.95%38.10%0.79%0.00%41.73%44.88%33.86%39.37%28.35%0.00%0.00%67.41%63.70%51.11%48.15%32.59%0.00%0.00%36.80%33.60%32.80%28.80%28.00%0.00%0.00%46.03%42.86%30.95%27.78%28.57%0.00%0.00%39.37%34.65%41.73%31.50%29.92%0.00%0.00%46.03%45.14%37.59%35.53%32.88%0.10%0.00%跨职能的DevSecOps团队3.20%10.40%28.00%26.40%14.40%8.80%8.00%0.00%0.80%0.00%14.29%23.02%32.54%11.90%11.11%4.76%0.00%2.38%4.61%26.40%28.26%19.92%8.44%5.50%4.71%0.00%2.16%5.51%25.98%26.77%21.26%11.81%4.72%1.57%0.00%2.36%6.67%57.04%29.63%4.44%1.48%0.74%0.00%0.00%0.00%2.38%23.81%30.95%17.46%10.32%6.35%3.17%0.00%5.56%0.00%14.96%33.86%22.83%9.45%3.94%9.45%0.00%5.51%11.20%40.80%24.80%16.00%3.20%3.20%0.80%0.00%0.00%2-3周3周-1个月2-4个月4-6个月Synopsys《2023年DevSecOps现2023年DevSecOps现状调查50.00%50.00%53.13%35.94%44.53%46.09%0.00%0.00%Q12.贵组织平均需要多长时间才能修补/处理已部署的或正在使用的应用程序中的重大安全风险/漏洞7.81%7.81%21.88%28.91%19.53%5.47%5.47%10.16%0.00%0.78%2023年DevSecOps现状调查26.40%30.40%25.60%24.80%26.40%25.60%23.20%25.60%17.60%0.80%0.00%24.60%29.37%23.02%34.13%19.84%27.78%26.98%22.22%23.81%0.00%0.00%28.80%24.00%28.00%24.00%28.80%21.60%17.60%25.60%16.00%0.00%0.00%40.00%26.40%30.40%25.60%24.80%26.40%25.60%23.20%25.60%17.60%0.80%0.00%24.60%29.37%23.02%34.13%19.84%27.78%26.98%22.22%23.81%0.00%0.00%28.80%24.00%28.00%24.00%28.80%21.60%17.60%25.60%16.00%0.00%0.00%40.00%30.37%31.11%32.59%27.41%25.93%24.44%15.56%28.15%0.00%0.00%27.56%24.41%24.41%21.26%26.77%25.20%22.83%21.26%30.71%1.57%0.00%23.02%20.63%33.33%23.81%27.78%23.02%15.08%14.29%21.43%6.35%0.00%27.56%33.07%24.41%27.56%25.98%22.05%30.71%29.13%22.83%0.00%0.00%28.95%28.26%27.58%27.38%26.50%24.44%23.75%22.77%22.28%1.08%0.00%我们没有用来评估DevSecOps活动成功与否的主要KPI35.20%32.80%28.00%32.80%21.60%22.40%29.60%0.00%0.00%35.71%31.75%29.37%27.78%23.02%29.37%30.95%0.79%0.00%27.20%28.80%28.80%27.20%32.80%24.80%26.40%1.60%0.00%32.59%46.67%36.30%43.70%22.96%29.63%28.89%1.48%0.00%31.50%23.62%35.43%29.13%37.01%28.35%31.50%2.36%0.00%32.54%30.95%26.98%26.19%28.57%23.81%29.37%2.38%0.00%33.07%25.98%27.56%25.20%30.71%31.50%24.41%4.72%0.00%33.86%31.40%31.31%30.42%29.44%29.05%28.95%2.06%0.00%开发人员/工程师的安全培训不足/无效应用安全人员/技能短缺开发/运维工作缺乏透明性安全计划和工具的预算/资金不足Synopsys《2023年DevSecOps现2023年DevSecOps现状调查Q13.您用来评估DevSecOps活32.81%32.81%33.59%30.47%30.47%28.91%24.22%28.91%28.91%17.19%0.00%0.00%Q14.贵组织中实施DevSecOps的挑战/障42.97%42.97%29.69%37.50%30.47%39.06%42.19%30.47%3.13%0.00%2023年DevSecOps现状调查工具因速度太慢而无法适应快速发布周期/持续部署不准确/不可靠无法整合/关联来自不同工具的结果34.74%34.15%33.46%33.07%32.19%28.95%3.14%0.00%29.60%40.00%34.40%28.00%27.20%26.40%工具因速度太慢而无法适应快速发布周期/持续部署不准确/不可靠无法整合/关联来自不同工具的结果34.74%34.15%33.46%33.07%32.19%28.95%3.14%0.00%29.60%40.00%34.40%28.00%27.20%26.40%21.60%0.00%0.00%26.98%38.89%34.13%33.33%27.78%28.57%26.98%0.79%0.00%40.74%28.15%32.59%32.59%40.74%35.56%33.33%0.74%0.00%39.20%32.80%27.20%32.00%31.20%21.60%20.80%0.80%0.00%26.77%28.35%31.50%36.22%23.62%37.01%35.43%0.00%0.00%30.95%31.75%22.22%30.95%25.40%19.84%27.78%1.59%0.00%36.22%22.05%34.65%28.35%32.28%29.92%25.20%2.36%0.00%33.56%32.58%32.48%32.29%30.03%28.95%27.58%0.79%0.00%通过基础架构即代码来执行安全/合规策略将自动安全测试集