DevOps and DevSecOps metrics you should track

Dmitry Ch
2 min read · Jan 15, 2024

DevSecOps metrics

DevOps metrics

The DevOps Research and Assessment (DORA) team has identified four metrics that measure DevOps performance:

- Deployment Frequency

How often an organization successfully releases to production

- Lead Time for Changes

The amount of time it takes a commit to get into production

- Change Failure Rate

The percentage of deployments causing a failure in production

- Time to Restore Service

How long it takes an organization to recover from a failure in production

What about DevSecOps metrics?

A long list of DevSecOps metrics is available from the folks at maverix:

There are, if anything, too many of them. We should focus on the following:

- Mean Time to Detect (MTTD)

Measures the average time taken to detect security incidents or vulnerabilities. It indicates the efficiency of security monitoring, detection systems, and incident response processes.

- Mean Time to Remediate (MTTR)

Measures the average time taken to remediate or mitigate security incidents or vulnerabilities. It highlights the effectiveness of incident response, patching, and vulnerability management practices.

- Mean Time In Production (MTIP)

Describes the average length of time a vulnerability spends in production before it is remediated and fixed (removed from the production environment). This metric applies to vulnerabilities that have already been resolved after they got into production. It is measured at the time when the code is released into production.

- Security Technical Debt (STD)

Describes the total number of unresolved vulnerabilities in production.
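
The four metrics above, computed from vulnerability records, as an added example that is not part of the original post. The record fields and sample data are constructed, and measuring MTTD from introduction to detection and MTTR from detection to remediation is an assumption, since the post does not fix those start points.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional

@dataclass
class Vuln:                        # hypothetical record layout
    vuln_id: str
    introduced: datetime           # flaw enters the code base
    detected: datetime             # scanner / monitoring finds it
    released: Optional[datetime]   # vulnerable code reaches production (None: never did)
    remediated: Optional[datetime] # fix is live (None: still open)

def _mean_days(deltas):
    """Average a sequence of timedeltas in days; None when there is nothing to average."""
    secs = [d.total_seconds() for d in deltas]
    return mean(secs) / 86400 if secs else None

def metrics(vulns):
    fixed = [v for v in vulns if v.remediated is not None]
    # MTIP only covers vulnerabilities that reached production AND are already resolved.
    fixed_in_prod = [v for v in fixed if v.released is not None]
    return {
        "MTTD_days": _mean_days(v.detected - v.introduced for v in vulns),
        "MTTR_days": _mean_days(v.remediated - v.detected for v in fixed),
        "MTIP_days": _mean_days(v.remediated - v.released for v in fixed_in_prod),
        # STD: still-open vulnerabilities that are live in production.
        "STD_count": sum(1 for v in vulns
                         if v.released is not None and v.remediated is None),
    }

D = lambda day: datetime(2024, 1, day)   # constructed sample data below
SAMPLE = [
    Vuln("V-1", D(1), D(5), D(2), D(8)),      # shipped, found, fixed
    Vuln("V-2", D(10), D(11), None, D(13)),   # caught before release
    Vuln("V-3", D(3), D(10), D(4), None),     # shipped, still open
    Vuln("V-4", D(5), D(7), D(6), D(8)),      # shipped, fixed quickly
]

if __name__ == "__main__":
    for name, value in metrics(SAMPLE).items():
        print(f"{name}: {value}")
```

V-2 never reached production, so it counts toward MTTD and MTTR but not MTIP or STD; V-3 is still open, so it counts toward STD but not MTTR or MTIP.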

What metrics do you use?
