You are here

You are here

DevSecOps Survey: You need happy developers to build secure software

public://pictures/cnyfyc9r_400x400.jpg
DJ Schleen DevSecOps Advocate, Sonatype
 

If I had a laptop sticker for every grumpy developer I’ve met, my laptop would be covered over. I’m joking (a little), but attitude matters.

The differences between happy and unhappy developers, and how their attitudes shape software security, is entirely backed up by the findings in Sonatype’s seventh annual, 2020 DevSecOps Community Survey.

Don’t get me wrong. Developers are my people. I surveyed over 5,000 of them from 102 countries to learn more about my tribe. And when I looked at the data, distinct patterns emerged. The fault lines run right along the upside-down frowns.

We found compelling evidence that happy developers work on teams with mature DevSecOps practices. These developers are nearly twice as likely to:

  • Say they like their job (1.7x more likely)

  • Get work done (1.7x more likely)

  • Encourage friends to come work with them (1.8x more likely)

How does happiness produce better software, and stronger business results? You may be surprised to learn how deeply mood and motivation are interconnected. Here is a brief look at just some of the patterns our research revealed.

Happy developers like their jobs and companies

Happy developers thrive in collaborative cultures, the foundation of mature DevSecOps teams. These developers are engaged at work, and it shows.

Social scientist Arnold Bakker sums it up in his evidence-based model for work engagement:

“Engaged workers are more open to new information, more productive, and more willing to go the extra mile. Moreover, engaged workers proactively change their work environment in order to stay engaged.”

The survey supports Bakker’s research. Job satisfaction among developers is highest in organizations with mature DevOps practices. Over 92% of developers in mature DevOps organizations showed high levels of job satisfaction. Compare this to the 61% of developers in organizations with immature DevOps practices who described their job satisfaction in positive terms.


Happy developers are also more likely to recommend their company to peers. This makes recruitment and retention efforts easier for companies—a bonus when hiring is so competitive—and the talent stack provides a marketplace edge. In-house recruiting also saves a business considerable money in advertising, recruiter fees, and commissions.

For example, Stephen King, the president and CEO of GrowthForce, says that “external hires demand 18%-20% more in salary than internal hires.” Therefore, it’s not surprising to hear of developers moving to greener—and more mature—DevOps pastures inside a business.

Happy developers get the job done

Imagine a crazy day when you’re implementing new security controls or trying to remediate a vulnerability before an adversary finds it. Would you want to be managing a team where seven out of ten of your developers think they can complete the work, or would you rather manage a team where nine out 10 showed confidence in their ability to complete the work? Nine out of ten is a team that wins, and it's one that arrives and leaves happy.

The survey also shows a strong correlation between mature DevOps practices and developer productivity. In organizations with mature DevOps practices, 89% of developers say they are more likely to get their work done. By contrast, 69% of developers working in organizations with immature DevOps practices felt they could complete their assignments. When I looked at this data, it confirmed my suspicions:

Automation in mature DevOps practices helps folks achieve higher productivity levels.

Remember, a greater number of happy developers work in mature DevOps practices.

Happy developers make more secure software

Yes, happiness plays a role in software security.

Finding time to spend on security is not a new issue for developers. For three years running, 47% of developers who took this survey said they believe security is important—and that they struggle to find more time to spend on it.

Teams with mature DevSecOps practices are 1.8 times more likely to implement automated tooling to help developers understand security risks. Any stressed-out developer can see the correlation to happiness there. The right tools can make a developer’s work experience much easier and more enjoyable. Security automation tooling also improves security, well, automatically.

“Security automation allows developers to focus on their creative thinking and problem-solving strengths, where less time is required for hunting down vulnerabilities in code. They’ll never have more time to spend on security, but automation can help them deliver more secure code,” said Sonatype Vice President Derek Weeks.

The bottom line is that you need more happy developers. I haven’t covered everything in the survey, but already you can see the correlation between job satisfaction, job productivity, software quality, and happiness. If you’re building a business case for cultural change, the 2020 DevSecOps Community Survey is a great resource. 

See for yourself. Download the full 2020 DevSecOps Community Survey to get the full results. And be sure to register for All Day DevOps | Spring Break on April 17, 2020, where we'll be delivering an online keynote session that goes over the survey in depth. You won’t want to miss it.

Keep learning