Skip to main content
HomeTopicsDevSecOps

DevSecOps

Application security statistics, shift-left adoption rates, security testing in CI/CD, and developer security training metrics.

Showing 1-14 of 14 results

The median software dependency is 278 days out of date, 63 days further behind than last year

DataDog5/27/2026
Software DependenciesSoftware Maintenance

87% of organizations have at least one known exploitable vulnerability in deployed services

DataDog5/27/2026
Exploitable VulnerabilitiesVulnerabilities

50% of organizations adopt new library versions within 24 hours of release

DataDog5/27/2026
Software Supply ChainDependency Management

Services using supported language versions face exploitable vulnerabilities in 31% of cases

DataDog5/27/2026
VulnerabilitiesExploitable Vulnerabilities

18% of vulnerabilities labeled "critical" remain critical once runtime context is applied

DataDog5/27/2026
Vulnerability PrioritizationRuntime Security

Only 4% of organizations pin all public GitHub Actions to a specific version using commit hashes

DataDog5/27/2026

More than four out of five CISOs oversee secure software development (DevSecOps).

Splunk5/27/2026
Software SecurityCISO

42% of services rely on libraries that are no longer actively maintained

DataDog5/27/2026
Dependency Management

Services using end-of-life language versions face exploitable vulnerabilities in 50% of cases

DataDog5/27/2026
Exploitable VulnerabilitiesLegacy Software

91% of mobile app developers and security leaders prefer security that spans the entire software development lifecycle.

Guardsquare2/22/2026
Software Development LifecycleApplication Security

68% of organizations in North America and Europe at companies with at least 1,000 employees lack full visibility or governance over AI-generated code contributions (2026).

Keyfactor2/4/2026
Software DevelopmentAI-Generated Code

Only half of organisations surveyed actively use core DevSecOps tools.

Checkmarx8/14/2025
AI

Just 51% of North American organisations report adopting DevSecOps

Checkmarx8/14/2025
AI

63% still report moderate or significant friction in getting developers to adopt security team feedback, despite increased DevSecOps collaboration.

ArmorCode & Purple Book Community4/28/2025
AppSec