
You Build It, You Secure It: Higher Velocity and Better Security with DevSecOps

May 2019 Presentation
Anders Wallgren (Electric Cloud)

This presentation shares tips that allow developers and operators to increase delivery velocity and harden pipelines by addressing security earlier in the delivery process.

Publisher: Software Engineering Institute

Abstract

One of the challenges businesses face today is the mandate to be agile and release software faster while at the same time ensuring they’re not the next news headline for a major security breach. One of the biggest stories in recent cyber history was the Facebook hack. In September of 2018, Facebook saw the biggest security breach in its history and over 50 million individuals’ private data were compromised. You and I could have been hacked, and we didn’t have a choice.

If the goal of DevOps is continuous delivery, then the goal of DevSecOps is eliminating the possibility of pushing vulnerable or insecure software releases to production. It’s 30 times cheaper to fix a security defect in development compared to production, yet security is often treated as an afterthought and a bottleneck. It doesn’t have to be that way. DevSecOps practices build security and quality into the software delivery process by making everyone responsible for security at every stage of the delivery pipeline.

In this session, we share tips that allow developers and operators to increase delivery velocity and harden their pipelines by including security earlier in the delivery process.