This post is part of G2's 2023 digital trends series. Read more about G2’s perspective on digital transformation trends in an introduction from Emily Malis Greathouse, director, market research, and additional coverage on trends identified by G2’s analysts.
When it comes to DevSecOps, ROI will take precedence
Prediction
Companies will prioritize fast ROI over long-term benefit when investing in DevSecOps tools in 2023.
DevSecOps software has been trending for a few years now, and some self-deprecating analysts have found themselves rehashing the topic over and over (and over). Security is as vital as ever to software buyers. G2’s 2022 Buyer Behavior report found that more than four out of five buyers consider a vendor’s history with security breaches when evaluating software. Beyond buyer sentiment, software security, by its very nature, prevents harmful and expensive disasters.
Companies developing new digital products need to get in front of security risks by adopting a secure-by-design approach. Rather than developing new features and then retroactively addressing security gaps, development teams using DevSecOps software can enforce cybersecurity standards, detect vulnerabilities, and remediate problems early and often throughout development. This approach aims to shift the responsibility of producing secure software onto developers without overburdening them. Automation and machine learning features help ensure that developers can adopt security best practices without sacrificing productivity.
There are a number of categories of DevSecOps software, from Secure Code Review to Software Composition Analysis. One might assume that companies investing in DevSecOps will focus on tools that offer the most protection and risk mitigation in the long term. However, given the current climate of economic uncertainty, I predict that 2023 will see companies focus first on the tools that show the most immediate bang for buck—software with the fastest return on investment.
According to G2 data, the DevSecOps category with the fastest ROI is clear
Based on G2 reviews, Penetration Testing Software has had the fastest average ROI of any DevSecOps category in the past year. In fact, it’s the only DevSecOps category with an average time to ROI of less than a year, at eight months.
The next fastest category, Static Code Analysis Tools, takes an average of 13 months to show a full return on investment. By contrast, Secure Code Review Software takes the longest time at 26 months. When companies begin scrutinizing their spending, investing funds that won’t fully bear fruit for over two years will be challenging.
The future of DevSecOps
If 2023 shapes up to be a year in which companies are tightening their budgets and making cuts where they can to stay afloat, we’re unlikely to see DevSecOps efforts halt. After all, cybersecurity risks remain a top concern for software buyers, and DevSecOps strategies save companies money by preventing them.
Still, a landscape of economic uncertainty will likely shift companies’ software purchasing strategies. Rather than making investments toward long-term success that don’t see an immediate return, it’s probable that companies developing software products will look for quick turnarounds on investment.
Edited by Jigmee Bhutia
Adam Crivello
Adam is a research analyst focused on dev software. He started at G2 in July 2019 and leverages his background in comedy writing and coding to provide engaging, informative research content while building his software expertise. In his free time he enjoys cooking, playing video games, writing and performing comedy, and avoiding sports talk.