In part one of this series, “Rugged DevOps: Survival is Not Mandatory”, I shared news that 1 in 16 open source and third-party components downloaded last year included a known vulnerability. That may not seem like too many until you realize the average company downloads well over 200,000 components annually. These components are electively downloaded by development teams, often unaware of the vulnerabilities that come with them.
Deming, the patron saint of DevOps once advised, “It is not necessary to change. Survival is not mandatory.” To survive, application development teams are constantly pressured to deliver software even faster. But fast is not enough. The best organizations realize that security, quality and integrity at velocity are mandatory for survival. Hence, DevOpsSec
If it does not fit, it does not get done. For many DevOps practices, application security falls into the “does not get done” bucket. That’s because for many DevOps-centric organizations, application security has historically be done somewhere else, by someone else, who is slow.
To find previous blogs in this DevOps series, read: Part 1 – Agile, Component Development & DevOps – A Natural Match Part 2 – DevOps Success is Contingent on Shifting Left Part 3 – DevOps Requires an Optimized Application Development Tool Chain Part 4 – Component Capable Release Management is Key to DevOps Part 5 […]
Can you think of a technology concept that is more hyped than DevOps? We’ve moved past cloud & virtualization, and while not as hyped as Big Data or mobile, everyone on the development and operations side is talking about DevOps, not to mention DevOpsSec. Using several blog posts, I’m going to layout the vision for […]