
DevSecOps Elite and Their Reference Architecture
Who are members of the DevSecOps elite, and what tools do they use? And why should you care?
The Sonatype community has a few insights. Two Sonatypers shared insights at DevOps World | Jenkins World this past August – highlighting the importance of understanding what others are saying, to assess your own processes.
The DevSecOps Elite
Sonatype’s Derek Weeks (@weekstweets) shared insight from the 2019 DevSecOps Community Survey. Close to 6,000 practitioners provided thoughts on staffing practices, educational priorities, automation choices, and process improvements that improve their cybersecurity preparedness. It also uncovered details of where automation fails, awareness falls short and breaches happen – and what makes an Elite DevSecOps practice.
In his presentation, 10 Attributes of the DevSecOps Elite, Derek highlighted the habits practiced by these Elite organizations that others can then apply to — or further mature within — their own organizations. Here’s a brief look at five of the ten characteristics. Watch his presentation, below, to examine all of the attributes.
- Embrace automation. Elite DevSecOps practices are 350% more likely to have fully integrated and automated security practices across the DevOps pipeline.
- Favor container security, web application firewalls and software component analysis. 91% of elite DevOps practices emphasize security at the container/application level, 85% prioritize additional resources at the web application firewall level, and 84% emphasize governance of open source components used in development.
- Utilize more third-party tools to augment cloud service security. Elite DevSecOps practices are almost twice as likely to augment the security features delivered by their cloud providers with third-party cloud security tools, as compared to non-DevOps projects.
- Get faster feedback. Automation within developer tooling allows elite teams to address infosec and app security issues faster. 63% of elite practices are notified through their tools.
- Follow open source governance (Read more...)
*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Katie McCaskey. Read the original post at: https://blog.sonatype.com/devsecops-elite-and-their-reference-architecture