Talking about the technology industry today can feel like giving your toddler a set of wooden blocks with different abbreviated words on them, and telling them to arrange them in a way that looks like it makes sense to them. They don’t really know what it means but it’s a fun game to play.
DevOps, OpSec, DevSecOps, SecOps, NoOps — the combinations seem endless but what do they actually mean for improving the security of your development and deployment of products?
The Ops Generations — Getting To Know The Terminology
Unless you were living under a rock for the past three years, DevOps has been the goal for organizations developing applications to become more efficient, breaking down the walls between development and operations in the hopes of improving visibility which can enable faster releases. Part and parcel of this Agile methodology is the concept of frequent trial and error. Developers create a basic product and then test the stuffing out of it with regular feedback loops to catch issues early before they become more difficult to fix later in the process when more of the product has been built on faulty code.
In their excitement over DevOp’s ability to swiftly and efficiently move products through the various stages of development and production, organizations appear to have woken up in the past year or so with the realization that they forgot to include security in this process, leaving many of their products insecure.
The push to incorporate security into your DevOps workflow has led to the DevSecOps generation, a concept that is starting to take off as companies begin to understand that by implementing automated security tools and retraining your developers on how to think about secure practices for building their products, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/secops