Joe Drumgoole is deep in thought.
MongoDB’s director of developer relations has just opened a piece of internal research that suggests as few as 29% of Europe’s developers take full responsibility for security.
Now, 29% is a somewhat arbitrary figure, cleary i.e. it could be 22.45% or it could be 39.93%… the fact that the firm has pointed to an exact sum in this way is merely intended to show that it has undertaken a degree of calculation and statistical analysis.
So, for our purposes (and for the sake of keeping ourselves sane), let’s just say that it’s around a third.
MongoDB central command says it surveyed over 1500 developers and IT decision-makers (ITDMs) across the UK, France and Germany to lay down this suggested disconnect.
But, despite the shortfall, it seems that programmers are full of bravado i.e. developers (92%) and the decision-makers (88%) reassure us that they take appropriate precautions when building new applications.
Yet just 29% of developers take full responsibility.
While the remaining point to security specialists (21%), the business leaders who briefed the project (18%), the ops team (15%) and even security members they don’t know (14%). These splits are also present in the decision-maker camp.
Strong & stable… and speedy
The suggested findings here lead Drumgoole to call for DevSecOps as a way “to reconcile strong security with speed” in the workplace.
“There is no security without first having functionality, so the responsibility should be naturally distributed across different organisations. Where companies are at risk is the battle of control and convenience taking place,” adds Drumgoole.
CISO at MongoDB Lena Smart summarises by saying that when executed properly, DevSecOps can provide deeper visibility and a better understanding of how resources are being used.