
One in Six Developers in Healthcare Industry Report Open Source Software Breaches, Sonatype Finds

Nearly one-third of happy coders say security is a top concern, showing desire for change in the industry

/EIN News/ -- Fulton, MD, June 04, 2020 (GLOBE NEWSWIRE) -- Sonatype, the company that scales DevOps through open source governance and software supply chain automation, today published Healthcare industry-specific findings from its seventh annual DevSecOps Community Survey. The survey pulls back the curtain on successful DevSecOps practices and secure coding, and highlights trends in different verticals, including Healthcare.

Within Healthcare organizations, Sonatype found that motivations to implement security controls were largely driven by compliance requirements (50%), but surprisingly, executives were 7.5 times more likely than developers to implement secure development practices as a competitive advantage. When it came to automating governance and compliance to improve security, Mature DevOps teams were two times more likely to properly integrate automated security tools compared to their Immature healthcare industry peers.

One area for improvement for the industry is security, especially against the backdrop of the ongoing pandemic and the cyber attacks on healthcare organizations that have occurred during the crisis. The survey found that developers in more than 1 in 6 organizations reported breaches tied to open source software components used in applications. To limit susceptibility to open source software-related breaches, mature DevOps respondents in the survey revealed that they were 1.5 times more likely to keep a complete Software Bill of Materials (SBOM), a practice also recommended by the FDA that can dramatically reduce a healthcare organization’s window of exploitability.

When it comes to making developers happy at work, the data point to two critical factors. Training is important to them — 67% of happy healthcare developers said self-paced e-learning is made available to them, while 75% of grumpy developers in the industry said they don’t get any training. The second factor is team harmony: when asked who causes the most friction on their teams, 29% of happy healthcare developers said “none,” while 50% of grumpy developers said executives. Given this, it’s key that healthcare technology leaders design work cultures in which their developers can thrive, leading to more secure code and applications, and better healthcare delivery overall.

“DevSecOps practices are proving transformational for every industry, but it’s especially critical that we get them right for healthcare, given its pivotal role in our communities,” said Derek Weeks, Vice President at Sonatype. “The Healthcare Proof of Concept report released by NTIA, and encouraged by the likes of the FDA, is a crucial step in making healthcare applications built by developers more secure, but it is up to this industry’s tech leaders to help enact day-to-day change today.” 

The full report with these findings and others is available here.

About the DevSecOps Community Survey

The 2020 DevSecOps Community Survey is based on responses from 5,045 software professionals across the globe and provides visibility into the attitudes of software professionals toward DevOps best practices and the changing role of application security. The results reported here came in response to 34 questions asked by Sonatype and our DevOps community advocates including All Day DevOps, Carnegie Mellon’s Software Engineering Institute, CloudBees, DevOps Institute, DevSecOps Days, NowSecure, Security Boulevard and Verica. The survey’s margin of error is ± 1.226 percentage points at the 95% confidence level.

About Sonatype

Sonatype is the leader in software supply chain automation technology with more than 350 employees, over 1,000 enterprise customers, and is trusted by more than 10 million software developers. Sonatype’s Nexus platform enables DevOps teams and developers to automatically integrate security at every stage of the modern development pipeline by combining in-depth component intelligence with real-time remediation guidance. For more information, please visit, or connect with us on Facebook, Twitter, or LinkedIn.

Cole Garry
Mission North for Sonatype