Are DevOps and DevSecOps Headed in Opposite Directions?

There was a time when software development favored divisions of labor. Siloed thinking and solitary departments working as stand-alone units ruled the scene, and there was no talk of collaboration or teamwork. Those days are long gone.

In today’s agile development marketplace, cross-disciplinary development, requiring the active involvement of multiple teams at various stages of the product lifecycle, is common practice and a production necessity. That is what the formation of designated teams like DevOps is all about.

But what do DevOps and DevSecOps — yet another union of different divisions within an organization with the intention of rushing to the aid of agility and fast delivery — have in common, and what are the relationships between these development models? Are they indicative of a trend that favors the multidisciplinary and the collaborative in software development? Or are they two separate forces pulling in opposite directions, offering contending modalities of software creation?

Arriving at DevOps

Let's begin with a swift stroll down memory lane, to when market demand for fast innovation led to the rise of DevOps, a team of developers and operations personnel tasked with automating once-manual processes such as component selection, integration, configuration and provisioning, compliance management, backup processes, asset tracking, deployment and post-release monitoring, to name a few. In an effort to keep the production pipeline moving at all times, DevOps teams became the gatekeepers and janitors of all automation in application development.

The formation of DevOps teams did well to heal the historic divide between development and operations. In remedying this rivalry, DevOps was able to move away from previous models of software development, namely the waterfall model, with its siloed thinking and separation of labor whereby developers were responsible for producing code and operations maintained responsibility

This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Anat Richter.