DevSecOps

DevSecOps is about using the DevOps methodology for security. It’s about breaking the silos of security, giving that knowledge to the different teams, and ensuring that security is implemented at the right level and at the right time. DevSecOps puts security at the forefront of requirements to avoid the costly mistakes that come from treating security as an afterthought. Traditional security has always been about exclusion—for example, “need to know” and using the security policy to prevent people from disclosing secrets. DevSecOps is about promoting inclusion and working as a team.

From Francois Raynaud on DevSecOps, in https://www.computer.org/cms/Computer.org/computing-edge/ce-jan18-final.pdf