Black Duck Research Reveals Majority of DevSecOps Teams Are Concerned About AI-Generated Code Security
10 / October / 24
Black Duck® Software, Inc. (“Black Duck”) has published its “Global State of DevSecOps 2024” report, which examines trends, challenges, and opportunities in software security. The findings indicate that the growing use of AI is significantly impacting both the security and efficiency of the software development lifecycle. Over 90% of respondents reported using AI at some stage in their development process. However, 67% expressed concerns about the security of AI-generated code.
AI is widely adopted across industries such as technology, cybersecurity, fintech, education, banking, healthcare, media, insurance, transportation, and utilities—highlighting the critical need for robust security mechanisms. Even in the non-profit sector, where technological advancements tend to be slower due to limited resources, at least half of the organizations surveyed reported using AI.
Black Duck CEO Jason Schmitt commented, “AI is a tool that should be embraced, not feared, as long as the right precautions are taken. For DevSecOps teams, this means integrating AI into the software development process thoughtfully and establishing appropriate governance strategies to safeguard organizations’ most valuable asset—data.”
The report is based on a Censuswide survey of over 1,000 IT professionals globally, including software developers, AppSec experts, CISOs, and DevOps engineers. Key findings include:
● AI usage is widespread, but security professionals remain skeptical. 85% of respondents have taken measures to address potential IP, copyright, and licensing issues associated with AI-generated code, yet only 24% are “very confident” in their policies and processes for testing such code.
● Security continues to slow down development. 61% of respondents said that security testing significantly delays development timelines, with 50% still relying heavily on manual processes.
● The overuse of security testing tools is causing inconsistencies. 82% of organizations are using between 6 and 20 different security testing tools, making it difficult to integrate results across platforms and to distinguish between true and false positives.
For the full Global State of DevSecOps 2024 report, click [here]