Deep-Dive into the DevSecOps Framework - Seguridad Mania.com - España y América Latina

Finely-tuned DevOps provides many benefits to an enterprise, including speed of development, improved deployment frequency, better collaboration between Development and Operations teams, lower failure rates of new releases, and faster times to market. But DevOps software development also presents a fundamental challenge to traditional software security practices. Application security often runs at the end of the software life cycle (SLC), and isn’t in DevOps’ hands. The issue then becomes: how to secure DevOps and make it DevSecOps? As application development within Agile environments has increased, the need to bring security into the DevOps equation and enable developers has also grown. Software development is much quicker in an Agile environment. Without proper security or software composition analysis, the breadth of undetected security vulnerabilities can grow farther and faster. With more entryways vulnerable to attack (due to more functionality being introduced in applications), the frequency of attacks has also increased. Thus, the term DevSecOps looks to integrate and open cross-functional organizational structures / communications to include application security throughout the SLC and post-release lifespan. Just as DevOps sought to lower the failure rate of the product, DevSecOps seeks to lower the number of vulnerabilities and increase efficiency for detection of the time-to-fix rate. Join WhiteHat Security’s Chief Scientist, Eric Sheridan, as he discusses the DevSecOps framework from development, build, to deployment.