DORA's 2022 Accelerate State of DevOps Report, which was released on Sept. 28, has a focus on security and identifying the best DevOps practices that help influence operational performance. This year's report builds on findings from the 2021 DORA report, which revealed a close alignment between DevOps success and site reliability engineering (SRE) practices.
This year's report found that there is growing adoption of tools and techniques to help secure the software supply chain. For example, 63% of respondents said their organization executed application-level security scanning as part of the development process prior to release. The report also examined the state of software delivery performance and found that there is a shift toward higher performance overall.
While tools are important, that's not the only critical component of DevOps success.
"The most surprising finding this year is that the biggest predictor of an organization's application development security practices was cultural, not technical," Claire Peters, DORA research lead at Google, told ITPro Today. "High-trust, low-blame cultures focused on performance were 1.6x more likely to have above average adoption of emerging security practices than low-trust, high-blame cultures focused on power or rules."
Learning from the DORA 2022 Operational Performance Metrics
Among the new aspects of the 2022 DORA report is that this year's study separates the analysis of software delivery performance and operational performance. In the past, software delivery performance and operational performance were analyzed as a single construct, Peters said.
Peters discussed two main takeaways: First, by analyzing software delivery performance and organizational performance separately, DORA was able to see, for the first time, that software delivery performance only affects organizational performance if reliability is firmly established. Second, achieving the necessary level of reliability requires fairly high SRE maturity.
"Based on these new findings, we recommend that teams aim for excellence in throughput, stability, and reliability — in equal measure," she said.
From SRE to Generative Organization Culture for DevOps
The 2022 DORA report also surfaces the need for what Google refers to as generative organizational culture to help improve software delivery, reliability, and software supply-chain security.
"The benefits of a healthy team culture — one in which team members cooperate and collaborate, where risks and responsibilities are shared, where failure is an opportunity for inquiry rather than punishment — cannot be overstated," Peters said.
DORA's research has shown the connection between healthy organizational culture and great software delivery performance over and over again, she said. The DORA 2021 report showed that healthy organizational cultures were half as likely to experience burnout as less healthy organizational cultures. DORA's 2022 research revealed that teams with healthy organizational culture were also the most mature in terms of security practices.
"Healthy organizational culture might seem like a nice to have thing for teams that want to improve their software delivery outcomes, but our research suggests that it's a necessity for the happiest, healthiest, most productive teams," Peters said.
About the authorSean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He consults to industry and media organizations on technology issues.