The week of April 15th I dedicated every Security In Five podcast episode to DevSecOps and the push to move security left. I was motivated to talk about this push because it’s a concept and challenge I deal with almost daily with my own projects and working with clients.
DevSecOps, or DevOps if you are a stickler, is about changing the way applications are built and delivered. Regardless of how fast an application is built, how many releases you have or how many features you introduce, the security requirements don’t change. You still have to cover security, period.
The DevOps push through Agile adoption has not had security in the mix and I believe, from my experience and agreeing with studies, applications are getting less secure. Why? Because the speed and promises of delivery are taking priority over security controls. They are either ‘accepted’, delayed for remediation, or security tests and scans are just not completed at all.
In the Security In Five
Be aware, be safe.
End of line.
Binary Blogger has spent 20 years in the Information Security space, currently with Magenic providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.