The Science of Compliance: Early Code to Secure Your Node

This is a summary of Judy Johnson’s talk “The Science of Compliance: Early Code to Secure Your Node”. Watch the entire presentation below. 

We’re here to talk about the science of compliance. We’re going to answer several important questions and, by the end of the post, you’ll understand what compliance is. You’ll know why it matters, and how to achieve it.

Why Does DevOps Matter?

We can sum up why DevOps matters in four basic points:

  • Cooperation
  • Communication
  • Repeatability/Consistency
  • Efficiency

Under DevOps, teams work together toward the same goal. With the help of automation and documentation, we can improve the way team members communicate. That leads to consistent and repeatable processes. Those processes, in turn, make the whole organization more efficient.

What Is DevSecOps?

DevSecOps is basically DevOps plus security. This is how RedHat defines it:

DevSecOps means thinking about application and infrastructure security from the start. It also means automating some security gates to keep the DevOps workflow from slowing down. […] However, effective DevOps security requires more than new tools—it builds on the cultural changes of DevOps to integrate the work of security teams sooner rather than later.

Here’s another quote by Gene Kim:

In high-performing organizations, everyone within the team shares a common goal- quality, availability, and security aren’t the responsibility of individual departments, but are a part of everyone’s job, every day.

In other words, DevSecOps is just making security a priority from the start and the responsibility of everyone.

Is The “Sec” in DevSecOps Really Needed?

Should the “Sec” part be needed in DevSecOps? Shouldn’t it be implicit?

As far as I’m concerned, we should just call it “DevOps.” DevOps is DevOps, it just means “we’re working together, toward the same goal.” If we were to add every essential or (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Carlos Schults. Read the original post at: