How Do Teams Automate Security in 2020?

Dec. 21, 2020, 6:55 p.m.

TL;DR

According to the 2020 State of the OCTOVERSE report, despite the pandemic forcing most people to work remotely, developers from all over the world came together to innovate, find connections, and solve problems. In the OCTOVERSE 2020 security report, Github highlights that since software and systems are evolving, the need to build new features to maintain the infrastructure is also increasing. While the attack surfaces are evolving, teams and projects are learning how to secure software and systems.

Automating pull requests and having extensive continuous integration checks for security patches ensures faster software updates

Key Facts

1
The report suggested that many developers use Open Source to create and build projects. Additionally, research by DORA found that elite performers are 1.75 times more likely to use Open Source software than low performers.
2
The OCTOVERSE report indicated that potential vulnerabilities found in source code scaled with the number of lines of code written.
3
The report suggests that automation made it easier to integrate security in the development stage. Repositories that automatically generated a pull request to update their fixed version patched their software significantly faster than those who did not.
4
Good automation and patching practices allow you to integrate security fixes into the development stage easily and safely, ensuring overall software security.

Details

According to the 2020 OCTOVERSE Security report, automation provides developers an opportunity to secure their code. Automating security practices can help developers scale their expertise, remove security and engineering silos, and also share their expertise with the community.

The report states that a huge number of developers rely on Open Source components. The large community of developers who build software packages can also help identify and fix vulnerabilities, which will allow the software to be built quickly and more securely.

The report states that automated alerting and patching tools are a must to secure your software swiftly: Automation can help teams integrate security in the developmental stages to ensure high performance. Github analysis found that repositories that automatically generated a pull request to update to the fixed version patched their software in 33 days. This was 1.4 times faster or 13 days less than those who did not.

The report states that automating pull requests and having extensive continuous integration checks for security patches ensures faster software updates.

Obviously, the main conclusion of this report is how beneficial automation is to security hence the increasing adoption of DevSecOps in a multitude of companies.

Our 2020 Octoverse report found that automation improves productivity and the developer experience. But at Autodesk, automation helps more than just developers—starting with localization. https://t.co/4ZvU43QqMK pic.twitter.com/C4I2E26Ozb
— GitHub (@github) December 2, 2020