2022 Snyk Customer Value Study highlights: The impact of developer-first security
October 18, 2022
Developer-centric security movements have dominated discussions in software development over recent years. The concepts are clear — integrate security early and find issues faster. But how does an organization measure the success of its developer security program?
Given the current market conditions, understanding the value that the tools in your security stack are bringing to your organization is paramount. As such, Snyk set out to understand the value our customers are seeing in their security programs in our first annual Customer Value Study. The goal of this study was to understand our customers’ most important value drivers, discover how they think about their return on investment and find out how much quantifiable benefit they’ve realized by leveraging the Snyk platform.
Hearing firsthand from our customers
We turned to our customers to understand the value they’ve seen with Snyk in the past year. Nearly 350 Snyk customers from over 220 organizations shared their experience through an online survey. They were asked to report on goals in selecting open source security tooling, primary benefits with Snyk, and time savings related to having implemented Snyk. Respondents’ organizations ranged from small and mid-size to Fortune 500.
Snyk surveyed customers from a variety of seniority levels (engineers to executives), regions (LATAM, APJ, EMEA, AMER), and industries (from government and education to media, manufacturing, business services, and more). Respondents fell within security, DevOps & engineering; 77% of respondents were developers who are using Snyk every day.
Key benefits of Snyk
Developers, security professionals, and DevOps practitioners were each asked how Snyk contributed to their developer security program. The top two benefits, across all three groups, were increased visibility and ease of use. You can’t fix what you aren’t aware of, and complex tools only make security seem more intimidating.
Snyk’s intuitive, developer-centric interface makes your code security journey much less overwhelming. And once you’ve integrated Snyk into your existing workflows, our automation and informative reporting keep you in the loop when it comes to the health of your application, and ensure you’re the first to know of any potential security incidents.
CISOs’ top considerations
According to our customers, the following were the most important aspects of security tooling that CISOs consider when assessing the value of their tooling:
Risk Reduction
$2.1mm ROI: According to IBM’s 2022 Cost of a Data Breach Report, 28% of breaches originate from vulnerabilities in third-party code or cloud misconfiguration as initial attack vectors. Based on the likelihood and cost of a breach, the average Snyk customer realized an ROI of $2.1mm in the past year based on risk avoidance.
44% reduction in mean time to fix (MTTF): In the past year, we found that on average, each customer organization has reduced their mean time to fix by 44% (or 27 days), thereby reducing their exposure window and further reducing risk. An organization’s exposure window is a measure of the time a vulnerable piece of code is accessible, and therefore exposed to potentially dangerous activity.
Coverage
249% increase in adoption: Snyk customers increased coverage of their codebase by an average of 249% in the past year, demonstrating increased adoption and the need to scan growing code repositories.
Speed
3.2x faster: Snyk customers reported on alternative solutions they had evaluated or used prior to selecting Snyk. Based on this experience, they also reported that Snyk’s scanning capabilities were 3.2x faster on average than other solutions in the market. This allows security and DevOps teams to get the accurate, actionable data they need in less time and start fixing issues sooner.
CTOs’ top considerations
Our customers also shared what was most important for CTOs when evaluating security tooling used by their teams:
Ease of Use
85% of developers recommend Snyk: The vast majority of developers reported that they highly recommend using Snyk based on time savings and ease of use.
18 days time to value (TTV): Since Snyk is scalable and API ready right out of the box, customers are able to implement the solution quickly. Customers reported that, on average, TTV was 18 days from the time of purchase until they were able to start seeing the benefits of the Snyk platform.
Developer Productivity
$327k ROI: Based on reported time savings with Snyk, critical/high vulnerabilities fixed in the past year and data from Stack Overflow’s 2021 Developer Survey revealing a U.S. average developer rate of $70/hour, the average customer saw an ROI of $327k from 2021-2022 based on developer efficiency gains.
2.2 development FTE: Based on working hours in a calendar year, these savings result in productivity gains that equate to an average of 2.2 development FTE per customer organization.
Reliability
62% reduction in critical vulnerabilities: This was the percentage by which customers reduced critical vulnerabilities in their environments within the past year. With Snyk they were able to improve their risk posture and prevent potential breaches by dependably finding and fixing vulnerabilities in their code, containers, open source dependencies, and cloud infrastructure.
91% fixed within 2 days: Over 90% of Snyk customers exposed to Log4Shell successfully fixed all issues within their environments within 2 days, underscoring Snyk’s ability to quickly help find and fix zero-day vulnerabilities. Zero-day vulnerabilities, or vulns that have been disclosed but not yet patched, occupy a high-risk sector of the code security space. These vulnerabilities pose a higher risk than others because they are discovered by potentially malicious actors before security professionals or developers could find and fix them.
The Snyk Customer Value Study gave us valuable insights into our customers and how we can best support them moving forward. As a company, Snyk strives to be on the cutting edge of developer security and provide the best possible tooling — so hearing first-hand that we’re on the right track and meeting (or surpassing) our clients' expectations was fantastic.
Thank you to all of our customers that took the time to be a part of this study! Your feedback was invaluable, and we can’t wait to continue innovating and partnering in your developer security journey. To learn more about Snyk and how we can help your organization, book a demo with one of our security experts — or try our tools yourself with a free Snyk account.