Yesterday, we had a webcast on 'DevSecOps - is it a Good Thing?' - you can watch the recording here but here's a summary of what we covered:
What is DevSecOps?
Since DevOps originated from the recognition that developers had started to do things like Agile development - the operations teams were getting left behind so, we started with the concept of Agile System Administration & the recognition that we have created silos in the way that we had traditionally organised enterprise IT into a development team. Generally, in software development, security has been looked at as an afterthought - something reflected by security experts.
Will DevSecOps last forever?
We know security has been an afterthought in the DevOps world - DevSecOps is here to try and change that and bring our focus on talking security more, but we don't think it will stay here forever and we've already seen things like Rugged DevOps a year or two years ago. At the end of day, it's around for now to change the things we've been ignoring.
Our key takeaways from the webcast is that DevSecOPs is both a good and a bad thing. It's positive because with it we can address the security constraint and help organisations to have accountability for security - and automate security early as part of our building quality in approach (shifting left). On the other hand, to some people it may cause more confusion between it and DevOps as to why we have another thing and perhaps it's another silo. We think using the term DevSecOps helps us address what has sometimes been an afterthought, and as security practices become a standard part of what we do in DevOps then the term will fade away.
Things That You Can Do Next
- Get a free scan and report on your open source component vulnerabilities
- Book on a DevSecOps Engineering course (Public Schedule Feb 21/22 2018)
- Sit the DevOps Foundation Course as a prerequisite for DSOE - public schedule December 13/14 2017
- Sign up for All Day DevOps - Helen will be talking about DevSecOps and the DevOps Superpattern
Be part of the conversation and join our new DevOps Toolchains LinkedIn group