THE GLOBAL STATE OF DEVSECOPS

CONTENTS

Navigating Speed, Friction, and AI in DevSecOps
    Why You Should Read This Report
        For Executive Leaders
        For DevSecOps Professionals
        Survey Methodology
Executive Summary: Key Findings
“Sec” Lags Behind “Dev” and “Ops”
    Velocity as the New Standard
        The Automation Maturity Gap
        More Tools, More Problems
        Mapping the AST Ecosystem
        Drowning in False Positives
        The Persistent “Speed vs. Security” Dilemma
AI Disruption: A Double-Edged Sword
    Widespread Adoption of AI and Shadow AI
        Risk vs. Security
        A Dangerous Disconnect?
Recommendations and Outlook
    The Mandate for Workflow Integration
        Actionable Recommendations
    Future Outlook
How Black Duck Can Help
    From Security Debt to Security Assurance
        Unifying the AST Landscape with a Single Platform
        Embedding Security into the Developer’s Native Workflow
        Leveraging AI as a Security Force Multiplier
        Tracking Open Source AI Models in Critical Projects
    A Tailored Approach for Your Role
        For Executive Leaders: Transforming Systemic Risk into Competitive Advantage
        For Hands-on Practitioners: Building Secure Software Without Sacrificing Speed
    Conclusion: Building Trust in Your Software
Appendix A: Full Survey Questions and Responses
Appendix B: Detailed Respondent Demographics

Our findings validate the constant battle you fight between speed and security. It gives you the data to start making a business case for the integrated, developer-focused tools and processes you need. Use this data to benchmark your team, understand the essential new skills in an AI-driven world, and get support for the strategic changes required to build secure software.

Why You Should Read This Report

NAVIGATING SPEED, FRICTION, AND AI IN DEVSECOPS

This report is a strategic analysis of the forces that are shaping how software is built and secured. We’ve tailored the data and insights for the people who define the strategy as well as for those who must execute it.

The goal of DevSecOps has always been to ensure that speed and safety are on equal footing. Black Duck’s latest research reveals that although many organizations have successfully built high-velocity development pipelines, security automation lags far behind.

For Executive Leaders

Survey Methodology

The analysis in this report is grounded in a comprehensive

This report is about business risk, investment efficiency, and competitive advantages. Our findings on toolchain inefficiency give you a clear way to evaluate the ROI of your security spending. Our research shows that it’s time to stop buying