What is DevSecOps? Why it's hard to do well

DevSecOps is about introducing security earlier in the life cycle of application development, thus minimizing vulnerabilities and bringing security closer to IT and business objectives. By Lucian Constantin.

DevSecOps is a culture shift in the software industry that aims to bake security into the rapid-release cycles that are typical of modern application development and deployment, also known as the DevOps movement. Embracing this shift-left mentality requires organizations to bridge the gap that usually exists between development and security teams to the point where many of the security processes are automated and handled by the development team itself.

The article then covers:

  • How does DevSecOps differ from traditional software development?
  • Achieving true security/development integration
  • DevSecOps testing and tools
  • DevSecOps adoption

That said, even with DevSecOps, some tasks will still need to be performed by security professionals and manual testing still has its role to play. For example, it’s hard to find logic flaws or design flaws using completely automated scans. You will also get plenty of links to further resources. Nice one!

Tags app-development infosec open-source devops cloud