Core Insights
- The State of DevSecOps Report 2026 reveals a significant industry shift as security risks increasingly move upstream into the software supply chain, with 87% of organizations having at least one known exploitable vulnerability in deployed services [1][7]

Industry Trends
- Security risk is rising across the software delivery lifecycle, with the median software dependency now 278 days out of date, which is 63 days longer than the previous year [2]
- The acceleration of development and reliance on third-party components are contributing to increased risks, as half of organizations adopt new library versions within 24 hours of release [3][7]

Security Practices
- Current security practices have not kept pace with the evolving methods of software development, leading to challenges in balancing speed and security [4]
- The report indicates that only 18% of vulnerabilities labeled as "critical" remain critical when runtime context is applied, suggesting that alert volume is obscuring real risks [5][6]

Visibility and Prioritization
- The lack of context in vulnerability alerts complicates prioritization, resulting in potential burnout and slower response times for security teams [6]
- Only 4% of organizations pin all public GitHub Actions to specific versions, leaving CI/CD pipelines vulnerable to silent changes in third-party code [3][7]

Methodology
- The report is based on telemetry analysis from tens of thousands of applications, providing a global perspective on security risks in modern software environments [8]

87% of Organizations Are Running Software With Known, Exploitable Vulnerabilities, Datadog Finds