In this article, we’ll explain what DevSecOps is, how it differs from DevOps, and what security controls it should ideally incorporate.
What is the Difference Between DevOps and DevSecOps?
The simplest way to explain the difference between DevOps and DevSecOps is to look at their definitions side-by-side.
DevOps is a combination of development and operations intended to enable engineering teams to develop software more quickly and efficiently. The ultimate objective is to create a more agile development lifecycle that allows organizations to quickly build and update software applications and assets, providing a better customer experience and a significant competitive advantage.
A simple DevOps pipeline looks like this:
DevSecOps is a combination of development, operations, and security. It aims to fully integrate security components into DevOps pipelines—maintaining speed and agility while ensuring software is resilient to cyber threats. The security team typically supports the “Sec” in DevSecOps—but engineering teams take ultimate responsibility for ensuring the code they produce is secure.
Both DevOps and DevSecOps pipelines typically include a high degree of automation to enable fast, accurate development that supports business objectives without sacrificing software quality.
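To make the side-by-side concrete, here is a constructed CI workflow (added for this article, not taken from it or from any vendor): the original DevOps stages are kept unchanged, and the "Sec" arrives as automated jobs that the deploy stage must wait for. The scanner choices (semgrep, gitleaks, trivy) and the `make` targets are assumptions; any equivalent tooling fits the same shape.

```yaml
# Constructed illustration: a GitHub Actions workflow where build/test/deploy
# are the DevOps stages and the security jobs are what DevSecOps adds.
# Tool choices (semgrep, gitleaks, trivy) and make targets are assumptions.
name: devsecops-pipeline
on: [push, pull_request]

jobs:
  # ---- DevOps stages (unchanged from the plain pipeline) ----
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make build            # placeholder build command
  test:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make test             # placeholder functional tests

  # ---- Security stages added by DevSecOps; each fails the run on findings ----
  sast:                            # static analysis of the code itself
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: semgrep scan --config auto --error
  secrets:                         # leaked credentials in the repository
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: gitleaks detect --source . --redact
  sca:                             # known-vulnerable dependencies
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: trivy fs --exit-code 1 --severity HIGH,CRITICAL .

  # ---- Deploy only runs when both quality and security gates pass ----
  deploy:
    needs: [test, sast, secrets, sca]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: make deploy           # placeholder deployment command
```

The security jobs run in parallel with the functional tests, so speed is preserved while a failing scan blocks the release, which is the "security as a component of quality" argument expressed as pipeline policy.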
There is an argument that DevOps and DevSecOps are the same thing. Renowned DevSecOps speaker Larry Maccherone has often described security as a component of software quality. In other words, if a software asset is insecure, that is as serious a quality defect as an asset that does not perform as intended.
While this argument has some clear logic, in practice, most people consider DevSecOps to be the proper