DevSecOps puts security in the software cycle

Addressing cybersecurity can be a challenge when the focus is on speed in software development and production life cycles.

The push to innovate and create can often drive software developers to move at breakneck speed to deliver new apps, updates and bug fixes — a frenetic pace that can lead to security oversight.

DevSecOps — a portmanteau for developers, cybersecurity and operations — is a collaborative method that brings principles of application security into software development and operations with as little friction and as much agility as possible. The goal? Products can be rolled out at speed without compromising application security.

Adding security to the software lifecycle

DevSecOps bakes security into the product at every stage of the software development and delivery process, according to software intelligence firm DynaTrace, which released a white paper on the matter.

“DevSecOps grants visibility into code vulnerability; it also provides a deep understanding of how a target tolerates a real attack, and just how far an attacker can go,” DynaTrace said.

Edward Amoroso, CEO of TABCyber, said security in operations is driven by how quickly changes need to be made.

“Are circumstances changing hour by hour, minute by minute, or month by month? If it’s a pacemaker, the software isn’t getting updated; if it’s social media, it is,” Amoroso said. “Do I really need to automate DevOps security telemetry for a device that will not receive software upgrades?”
