1、SurveySANS 2022 DevSecOps Survey:Creating a Culture to Significantly Improve Your Organizations Security PostureWritten by Chris Edmundson and Kenneth G.HartmanSeptember 20222022 SANS Institute2SANS 2022 DevSecOps Survey:Creating a Culture to Significantly Improve Your Organizations Security Posture

2、Executive SummaryThe SANS 2022 DevSecOps survey examines the progress made over the past year toward improving organizations security posture and operational effectiveness by aligning the development,security,and operations teams around secure DevOps cultural ideals,practices,and tools.Respondents r

3、epresenting a broad range of industries,job roles,and organization sizes participated.The survey results indicate that,more than ever,applications are being hosted in multicloud,hybrid environments using virtual machines(VMs),containers,and serverless functions.Such environments present security cha

4、llenges because of the inherent differences among the various cloud service providers and the very different demands of on-premises hosting.The survey questions investigate topics such as the DevSecOps landscape,application hosting in the cloud,methods of securing multiple cloud environments at scal

5、e,container security,and to automation of compliance functions.We also look at DevSecOps practices and tools,along with challenges and success factors.The final section,“Moving Forward,”summarizes the key takeaways of each preceding section and advises organizations to continue to promote DevSecOps

6、practices(such as conducting blameless retrospectives),to leverage technologies(such as Cloud Security Posture Management and Cloud Workload Protection Platforms)in order to cope with scale,and to monitor or experiment with new,trending technologies(such as artificial intelligence,data science,and G