GitLab Survey Reveals Tension Around AI, Security, and Developer Productivity within Organizations

• CxOs and staff are not aligned on the topics of AI, risk, and training
• Efforts to fix security vulnerabilities are hindered by organizational red tape
• Leadership understands the importance of developer productivity for organizational success but isn’t measuring it against business outcomes
• While most companies are shipping software twice as fast as last year, toolchain sprawl is hindering velocity

San Francisco, CA – June 25, 2024 – ALL REMOTE — GitLab Inc., the most comprehensive AI-powered DevSecOps platform, today released its 8th annual Global DevSecOps Report on the current state of software development. In April 2024, GitLab surveyed over 5,300 CxOs, IT leaders, developers, and security and operations professionals worldwide on their successes, challenges, and main priorities for implementing DevSecOps.

The report underscores the mixed sentiments surrounding security, developer productivity, and AI's role as a catalyst and a potential risk. It also reveals differing priorities and concerns between CxOs and individual contributors.

Global CxOs (69%) say they are shipping software at least twice as fast as a year ago, highlighting that acceleration is underway. However, only 26% of respondents report implementing AI.

Other key themes include:

Perceptions of AI risk, training, and skills vary between executives and staff

• 56% of CxOs said introducing AI into the software development lifecycle is risky, while only 40% of individual contributors cited concerns about privacy and data security as a top obstacle to using AI in the software development lifecycle.
• 35% of CxOs identified the lack of an appropriate skill set to employ AI or interpret AI output as an obstacle to using AI, but only 26% of individual contributors agreed.
• 25% of individual contributors said their organizations don’t provide adequate training and resources for using AI; however, only 15% of CxOs felt the same way.

Software supply chain security is a potential weak spot

• 67% of individual contributors said a quarter or more of the code they work on is from open source libraries — but only 21% of organizations are currently using a software bill of materials (SBOM) to document the composition of their software.
• 52% of security professionals said organizational red tape often slows their efforts to fix vulnerabilities quickly.
• 55% of security professionals report that they most commonly discover vulnerabilities after code is merged into a test environment.

CxOs consider developer productivity a critical operational metric—but are unsure how to measure it

• 99% of CxOs responded that developer productivity could help their business in some way, with 57% reporting that measuring it is key to business growth.
• 51% of CxOs said their current methods for measuring developer productivity are flawed or want to measure it but aren’t sure how, while 45% of CxOs aren’t even measuring developer productivity against business outcomes.

Too many tools are slowing down development velocity

• 52% of CxOs said their teams use 2-5 tools for software development, while 54% of individual contributors report their teams use 6-14 tools, representing another disconnect within organizations.
• 74% of respondents whose organizations are currently using AI for software development said they want to consolidate their toolchain, compared to 57% of those who aren’t using AI.
• Only 17% of respondents overall have already begun consolidation efforts.

“As we navigate the rapidly evolving landscape of software innovation, it’s evident that a disconnect remains between organizational leadership and developers on critical topics such as risk management and training. This gap is further exacerbated by red tape that can hinder efforts to fix issues quickly,” said Ashley Kramer, GitLab chief marketing and strategy officer. “While it’s encouraging to see organizations doubling their software shipping speed in just a year, and no doubt AI has played a part, it’s imperative that organizations bridge these gaps with technology. They can drive even more innovation if they acknowledge the issues and collaborate to address them.”

To access the full 2024 DevSecOps Report, click here.

About GitLab

GitLab is the most comprehensive AI-powered DevSecOps platform for software innovation. GitLab enables organizations to increase developer productivity, improve operational efficiency, reduce security and compliance risk, and accelerate digital transformation. More than 30 million registered users and more than 50% of the Fortune 100 trust GitLab to ship better, more secure software faster.

Media Contact

[email protected]