DevSecOps for a Dollar or Less

Anyone who grew up with siblings knows the phrase, “There is a wall here!!!!!” Of course, there wasn’t a physical wall, but an imaginary border that separated you and protected your space.

In software development, walls aren’t helpful. We don’t need to protect our space (although sometimes we might feel like it). We need to break down the walls.

In traditional software development, invisible walls exist between the business requirements and the development teams. Development may not fully understand the business goals, the users, etc. The risk is developing software that doesn’t meet the goals of the organization.

Enter Agile. It was a positive advancement in communication between the business managers, users, and developers. Still, a wall of confusion may remain between developers and operations. They do not always communicate well. Operations often doesn’t understand all that development needs, and development doesn’t understand all of operations requirements, or takes shortcuts to work around them.

DevOps seeks to break down the walls so that all of the functions work well with each other, continuously. This enables better understanding and helps stakeholders meet the organization’s shared goals and requirements. Mohammed Imran (@secfigo), a security engineer and DevSecOps trainer, spoke on the concepts behind implementing DevSecOps into your organization at last year’s All Day DevOps conference.

Mohammed introduced the concept of the evolution of the walls between different business units to start his presentation. He emphasizes how the old software development lifecycle (SDLC) had a definite start and end, but now software development is endless, constantly seeking to monitor, fix, and improve.

 

DevOps continuous loop

 

But DevOps, not fully implemented, can create a Wall of Compliance between development and security. In reality security in most organizations has a love/hate relationship with everyone else (kind of like siblings) and they are outnumbered. (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Derek Weeks. Read the original post at: https://blog.sonatype.com/devsecops-for-a-dollar-or-less