DevSecOps is a process that aims to build security in at the outset of software development. It ensures security audits and testing throughout the agile development process so that security is a priority – not an afterthought. A new survey of more than 1,000 security leaders conducted by Ponemon Research and security firm Reliaquest finds almost half (49%) of security leaders are enabling DevSecOps best practices in their organizations. That’s a promising number.

At the center of any digital transformation effort lies an inevitable collision between speed and security. On the left, DevOps wants to write code and push new products to innovate and stay competitive. On the right, Security teams want to ensure applications are secure and unexploitable so that their organization stays safe. DevOps wants to keep moving. Security is seen as a bottleneck to progress. When this happens, progress stalls, trust erodes and nobody wins.

An annual study that looks at the differences between organizations with mature DevSecOps practices and immature programs makes one thing clear: mature DevSecOps practices make developers happy. The survey, released annually by Sonatype, CloudBees, Signal Sciences, Twistlock and Carnegie Mellon’s Software Engineering Institute had 5,045 respondents from over 70 different countries in its most recent release.