Making DevOps news this week, Puppet released its annual State of DevOps report. This year’s study focuses on integrating security into the software delivery lifecycle. It finds that “Organizations with a high level of security integration are not only more confident in their security posture and view security as a shared responsibility across teams, but are also able to deploy on-demand more frequently, remediate vulnerabilities faster, prioritize security improvements over feature delivery, and halt a push to production to address a security issue.”
Taking an industry by industry approach to its analysis, the report finds that Financial Services scored a C- when it comes to security integration. Often weighed down with technical debt, only 33% were able to prioritize automating security controls over feature delivery. Retail was reported to have a C+ security integration rating despite just 32% having significant or full security integration, the lowest of all industries examined. The tech industry fares best overall with an A-.