- Within healthcare organisations, the motivations to implement security controls were largely driven by compliance requirements (50 per cent)
- Mature DevOps respondents in the survey revealed that they were 1.5 times more likely to keep a complete Software Bill of Materials (SBOM)
Developers in more than one in six organisations in the healthcare industry reported breaches tied to open source software components used in applications, according to the annual DevSecOps community survey by Sonatype. The report also said that within healthcare organisations, the motivations to implement security controls were largely driven by compliance requirements (50 per cent), but executives were also 7.5 times more likely than developers to implement secure development practices as a competitive advantage.
Properly integrate automated security tools
In terms of automating governance and compliance to improve security, mature DevOps teams were two times more likely to properly integrate automated security tools compared to their immature healthcare industry peers, the survey said. The report also said that, to limit susceptibility to open source software-related breaches, mature DevOps respondents were 1.5 times more likely to keep a complete Software Bill of Materials (SBOM).
Derek Weeks, vice president at Sonatype, said, “DevSecOps practices are proving transformational for every industry, but it’s especially critical that we get them right for healthcare, given its pivotal role in our communities. The Healthcare Proof of Concept report released by NTIA, and encouraged by the likes of the FDA, is a crucial step in making healthcare applications built by developers more secure, but it is up to this industry’s tech leaders to help enact day-to-day change today.”
The survey also said that 67 per cent of happy healthcare developers said self-paced e-learning is made available to them. As per the survey, “75 per cent of grumpy developers in the industry said they don’t get any training.” When asked who causes the most friction on their teams, “29 per cent of happy healthcare developers said none, while 50 per cent of grumpy developers said executives.”