TheCUBE’s Rob Strechay and Paul Nashawaty unpack “Day 1: Release with Confidence” at the AppDev Done Right Summit, exploring how automation, testing and security strategies drive successful software delivery. Their discussion focuses on building resilience into release pipelines while accelerating speed without sacrificing quality.
Drawing on industry research and real-world user insights, the Strechay and Nashawaty spotlight the role of CI/CD pipelines, value stream management and policy automation in transforming release practices. These tools not only enhance development efficiency but also reduce friction in compliance and governance.
Nashawaty and Strechay emphasize that confident releases come from well-structured processes that balance innovation with control. For teams aiming to ship faster and smarter, this session delivers sharp guidance rooted in practical experience and actionable data.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
AppDev Done Right Summit. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For AppDev Done Right Summit
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for AppDev Done Right Summit.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
AppDev Done Right Summit. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to AppDev Done Right Summit
Please sign in with LinkedIn to continue to AppDev Done Right Summit. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Research Spotlight - Day 1: Release with Confidence
TheCUBE’s Rob Strechay and Paul Nashawaty unpack “Day 1: Release with Confidence” at the AppDev Done Right Summit, exploring how automation, testing and security strategies drive successful software delivery. Their discussion focuses on building resilience into release pipelines while accelerating speed without sacrificing quality.
Drawing on industry research and real-world user insights, the Strechay and Nashawaty spotlight the role of CI/CD pipelines, value stream management and policy automation in transforming release practices. These tools not only enhance development efficiency but also reduce friction in compliance and governance.
Nashawaty and Strechay emphasize that confident releases come from well-structured processes that balance innovation with control. For teams aiming to ship faster and smarter, this session delivers sharp guidance rooted in practical experience and actionable data.
Research Spotlight - Day 1: Release with Confidence
Rob Strechay
Dir./Principal Analyst & HosttheCUBE Research
HOST
TheCUBE’s Rob Strechay and Paul Nashawaty unpack “Day 1: Release with Confidence” at the AppDev Done Right Summit, exploring how automation, testing and security strategies drive successful software delivery. Their discussion focuses on building resilience into release pipelines while accelerating speed without sacrificing quality.
Drawing on industry research and real-world user insights, the Strechay and Nashawaty spotlight the role of CI/CD pipelines, value stream management and policy automation in transforming release practices. These tools not on...Read more
exploreKeep Exploring
What topics and themes are being discussed in the day one session of the AppDev Summit?add
What are the benefits and metrics associated with the adoption of CI/CD pipelines in software development?add
What are the findings regarding organizations' goals for code release frequency and the effectiveness of adopting value stream management?add
What was the percentage of organizations conducting continuous integration testing as part of the CI/CD pipeline in 2022?add
What impact does early integration of security in the pipeline have on incident remediation costs, and what is the expected growth rate of DevSecOps adoption?add
Research Spotlight - Day 1: Release with Confidence
search
Paul Nashawaty
>> Hi, welcome to our day one session of the AppDev Summit, Release with Confidence. Today we are diving into a critical phase of delivering software that's not just built right, but it's also focused on automation, testing, continuous integration, deployment practices, and anything that has to do with releasing a smooth, secure, and stable software and development environment. My name is Paul Nashawaty and I am here to talk to you about the AppDev relationships and what's happening within the space. I covered the AppDev practice here at theCUBE Research and I'm joined by industry expert Rob Strechay to share the insights and strategies to help your teams accelerate, delivery while minimizing risk and empowering you to release with confidence over time. Rob, it's always great to have you on, always great to have conversations about what we're talking about here. We've been around the block a few times and done this a few times, but I mean, I think it's awesome to be part of the AppDev Summit, especially when it comes to what we're talking about here. So why don't you introduce yourself to the crowd.
Rob Strechay
>> Yeah, well, thanks for welcoming me in and letting me be part of the summit here. It's a lot of fun because I think, again, like you said, we've both been around this block several times depending on where we've been either on the vendor side, the end user side, and I think really a lot of the communication that we've had with a lot of the end users and seeing where they're at from these stages, especially in day zero, is really huge. So I'm glad to be here.
Paul Nashawaty
>> Absolutely, and we were just on with Savannah earlier today talking about day zero. Here we're talking about day one, and as we kick off today's session, Release with Confidence, day one is really focused on how we're exploring modern development teams, can we streamline their release pipelines really without sacrificing that quality or security. So in this session, and Rob, I really want to talk about the things that really impact the SDLC. And when we look at the overall summit, we had day zero, day one, day two, and and anything that touches the CI/CD pipeline and anything across the SDLC. But when we talk about day one in particular, there's specific things like automation, testing, continuous integration. Those things are in place to enable faster, more reliable software delivery. Would you agree?
Rob Strechay
>> I would. I would totally agree, and I think I misspoke about day zero earlier, but I mean, day one is, when the rubber meets the road, and I think when you start to look at how teams instrument in day zero, get to day one, see how things are deployed and making sure that it doesn't go bump in the night is a big piece of that as well.
Paul Nashawaty
>> No, absolutely. And then when we start talking about the different life cycles, so when we're looking at different parts of the delivery, let's talk a little bit about accelerating delivery pipelines. What are you hearing from vendors, from organizations, from the community? I know you have a lot of discussions with end users as well as vendors, what are you hearing with regards to accelerating delivery pipelines?
Rob Strechay
>> Yeah, I think again, everybody's looking to be able to lean in and go faster, but with confidence and trust, especially when you get into things like AI, I don't think any combination of different software as people build out agentic systems that are more than just chatbots. And I think a lot of them are looking for different ways and strategies to really lean in and accelerate their time to market and time to value with these applications, and how to be able to do that in an ongoing statement. I know similarly, you've been talking to a lot of customers and a lot of end users around how they're really accelerating those delivery pipelines while trying to minimize or maximize quality and minimize really deployment risks. What have you been seeing? I know you've been looking at the numbers as well.
Paul Nashawaty
>> Oh, absolutely. And thanks for kind of teeing that up because I really liked the fact that I was able to do, as I mentioned on a previous couple of sessions here, and if you haven't seen it, you should go back and look at them, but we have a number of new fresh data points that are coming out of the field. And as part of this summit, lots of new research from theCUBE Research around day zero, day one, day two and DevSecOps. But let me address your comment in particular, Rob, when we're looking at accelerating delivery pipelines and ensuring quality and minimizing deployment risks, what we're finding is in our research, we're seeing it aligns nicely to the DORA metrics that we're seeing where elite performers are deploying 973 times more frequently and have 6,570 times faster lead times than lower performers. And that's kind of about the acceleration, but we're also seeing how companies that are adopting CI/CD pipelines, they're reporting 60 to 80% reduction in development time, which is faster feedback loops and improving product quality. And that's a big part of it as well. When you try to release... We found in our study that over almost 850 respondents in a global study, we found that the organizations are looking to release code on an hourly basis. 24% of respondents indicated that they want a release code on an hourly basis, yet only 8% are able to do so. So part of the ways that these organizations are looking at ways to overcome this is they're adopting things like value stream management, and we're seeing in the research by adopting value stream management 15 to 20% increase in delivery efficiency across the software teams occurs. So there's a number of areas here, Rob, that I think is tying into the overall development process.
Rob Strechay
>> Yeah, no, I think that makes a lot of sense. And when you start to think about these organizations that do deploy on an hourly basis, I mean, again, they have a lot of process behind the scene that enables them to go fast with little friction and give some independence to the different dev teams as well. But again, I think when everybody talks about shift left or shift right and meet in the middle kinds of things, even beyond security, to me it's people want to do the right things and don't want to put out, for lack of a better word, crappy code and want quality code to go out because if it's not quality code they're going to be revisiting it. And I know you and I have seen it before where people were spending 30% of their time on bug fixes, 30% of their time on feature enhancements, and 30% of the time is only on innovation. And when we start to see things like that, that comes from things like having really good governance and policy automation and really focusing in on how they can put as much of that in code and enable guardrails and guidelines to those devs. So how are you seeing or how have you seen in the data that organizations are really focused on implementing that governance and policy automation because they want to ensure compliance and security, but they don't want to slow people down. And I know that's a really tough lift.
Paul Nashawaty
>> Yeah, absolutely, Rob. What's really great about this is the session that Savannah and I covered off on day zero, we were talking about building code, we were talking about low-code, no-code solutions, governance control and regulations and compliance all kind of fit into this as well. But when we're talking about day one in particular, we're seeing that governance and policy automation is really becoming a point where organizations are looking at driving results. 72% of CIOs basically state that lack of policy automation creates friction between the development speed and compliance needs. This is a problem because, as we said... Unfortunately your stat is spot on, which is a 1/3 of the time for developers are spent in writing code and innovating, where 2/3 of their time are spent in doing maintenance and things that they don't probably want to do, honestly.b. Ut what we're seeing is with this low-code, no-code delivery of moving code into the citizen developer, you have to have automation and you have to have policy as code frameworks in order to reduce compliance violations. What we're seeing is organizations that use policy as code are reducing compliance violations by upwards of 70%. We're also seeing 63% of enterprise leaders are investing in platforms that enable governance to help that development workflow rather than bolting it on later. And the reason they're doing this is because they're empowering the citizen developer to do more of their own enablement of developing those codes. And releasing their codes, they can have the professional developer focus on the things that they really want to focus on the innovation piece. And maybe, maybe Rob, we'll see a shift, I know it's been years since I've seen this shift, but maybe we'll see a shift of that 1/3 of innovation moving up to 2/3 for that professional developer as we move forward.
Rob Strechay
>> That would be wonderful, to put it mildly. And I think again, when you start to look at how people are really focused on making things better. And I think again, no organization... I was talking to the VP and CTO of a large bank at one of the shows we were at, and his exact thing was, "Hey, I want people to see the innovation we're doing, not be thinking of the bank as a monolithic entity that is go slow. We're doing everything cloud native, we're doing all of this, we're doing infrastructure as code, but yet we have regulations."
I mean, again, having been on the financial side of things when I was an ITN user and the SEC sends you something in the mail, you pay attention to that. I mean, it's funny how that gets your attention. And same thing with bank regulators, stress testing and things of that nature where they all have to go through. But I think a lot of that has to do with a focus on quality and automation, which really can help those cycles because I think the fear of not having those pieces in place, infrastructure as code, really then hurts on the back end when you get to that quality and automation. How are you seeing the organizations go about integrating quality and test automation into the development processes? Because looking to improve that reliability and accelerate release cycles, but again, it's putting the policies and procedures with the tools and how are you seeing that role?
Paul Nashawaty
>> Yeah, no, Rob, this is great. I mean, this is a great question. I am really happy you asked this from this perspective. As you know, I've been doing this, the focus in the app dev space for quite some time, and I run trending data. And I have some trending research data, so in 2022 I ran a study that focused around the question of continuous integration testing. And I found shockingly only 29% of organizations in 2022 were doing continuous integration testing as part of the CI/CD pipeline. That to me was bad. And part of the challenge here as we kind of understood this and unpacked this, is we understood that the business KPI was push code out the door fast. We already talked about getting that release out the door fast, only 8% of organizations are able to do so, but the DevOps as their KPIs were to push the big green button, right, push the code out the door.
In 2024, we found that the tests in the CI/CD pipeline, that trending data, that number jumped from 29% in 2022 to 66% in 2024. That's a big jump. And the part of it is because when I've had these conversations with organizations and what they're doing, and a lot of the conversation is around why was this such a big jump? Well, historically what the discussion, the argument was, well, we do sprint releases every two weeks, if we find a bug, we'll just push it out the door and fix it as we do it every two weeks. The problem with that is you're using your end users as the test, the Guinea pigs of what's happening. That's a really risky game, especially when you have... If something doesn't work and you move on to the next application, that's a really risky game. So organizations found that to be an issue, I believe they looked at that and they said, "Okay, we need to fix this," so they moved that up to... That's where that 66% comes in. But we're also seeing this across the industry, right? We're seeing automated testing, it correlates to a 90% reduction in escaped defects that happen in production environments. We're also seeing 81% of organizations that implemented and shift left saw measurable improvements in software quality, team and velocity. Now, keep in mind, shifting left doesn't mean everything goes left because the developers can't just do everything. They're not sitting there with the catchers net going on board, they're actually in... And they don't want to work a 12 to 16 hour workday, so you have to kind of balance this with automation and the right tools. But I do think the next step here in our research, we find that the AI assisted testing is being adopted by over 40% of enterprise improving coverage that reduces the queuing cycle, and I think that is the trend that we're seeing as we kind of go through this research. So what's going on there, Rob? I think that there's a lot happening with regards to testing and automation phases, and as part of the day one, you absolutely have to have that in alignment for sure.
Rob Strechay
>> Yeah, I couldn't agree with the AI stat anymore. I've been talking to a lot of CTOs that I know, and this is one of the places that they could never get really great coverage end to end, and AI has definitely allowed them to come in and step into building better tooling, better plans, better test automation, actual data, better test data, because you need dummy data to go against these testing and API endpoints. And depending on how you're building these applications, you want them to be compartmentalized, so to your point, you can come in and really hit the different compartments independently so you don't have to do a full, "Hey, we're going to do a massive test of all the code all together all the time, once a day," or something like that. To your point about being hourly, you want to be able to get in and test the components in a way that really is realistic based on real world outcomes so that, here's how we go. And I mean, AI is really good at that. AI is really good at taking data and saying, "Hey, what are some of the things that look like it," or maybe, what are some of the things that may go and break this API? That type of stuff, and bringing that quality. And using automation is a big piece of what has been going into that. I think if any part of the SDLC has really changed to your point about, "Hey, we'll catch this in the next sprint," kind of thing, is SDLC on the quality side I think can really improve quickly, especially with security. Like you said, there's shift left. I kind of call it meet in the middle because you're bringing the tooling, there's got to be shared responsibility and operations and shift left, like you said, it sounds like you're throwing it over the wall to people, and that definitely does annoy the dev professionals who also are trying not to do things insecurely to begin with. So again, I think this whole shift left kind of gets blown out of proportion. But I think one of the other things, probably one the... I would say, funny enough, some of the Fast and the Furious movies, like speed kills, but sometimes you can go fast if you're within compliance and you're within the guardrails and you understand what you're doing and you're prepared for that. What are you seeing from an organizational perspective that is allowing organizations to really balance the rapid software delivery with meeting those regulatory and internal compliance requirements? Because GRC is like... I mean, I was at a conference last week and GRC was top of mind for everybody that was building out these agentic applications and their normal applications, funny enough as well.
Paul Nashawaty
>> Yeah, this is a big part of the CI/CD pipeline. I mean, when you look at breaches, for example, we find that in research, we find that 76% of breaches are caused by misconfigurations are unchecked code changes, often stemming from rapid ungovernanced releases. One thing that was kind of brought to my attention when I was getting into the world of being an analyst, one of the things that talked, when we think about delivery in relation to security, sometimes you have to slow down to go faster. And that to me is interesting because I think that we want to get things out the door faster, we want to push things out, but what we also find is if you push out the wrong thing, your reputation, your security breach, your privacy of your data, and your data is your lifeline. So if you push code out the door that's not effective or is insecure, it's a problem. We also find that organizations that are integrated in security early in their pipeline reduce incident remediation costs by upwards of 50%. That's a big piece, and we're going to touch more about the DevSecOps piece as it relates to the CICD pipeline a little bit later in the summit here, but basically we're also seeing that DevSecOps adoption is expected to grow with a CAGR or of 31% as teams align to velocity with audit-ready solutions that allow them to get to the market. So it's really a lot happening here, and I think that this sets a nice, Rob, that's a nice kind of way to segue to the next session here. But I think that as we wrap up the AppDev Done Right Summit session here that we're talking about over day one, we want make sure the audience here really understands that there's a lot here, there's a lot to unpack. And I know I really appreciate you being on because this is awesome, and your perspective and experience in the market really delivers that understanding of where the market's going. And of course, anybody watching, both Rob and I are more than happy to continue the conversation. So this is... As you can tell, we're not afraid to talk. But with that said, remember that embracing intelligent infrastructure solutions is essential to powering faster, more reliable software delivery. So stay agile, keep innovating, and continue to build the applications done right. Thank you for attending this session, and we'll talk to you soon.
Paul Nashawaty