In Software Developers Scream, "security, hurry!", I explained why it's crucial that software security matches the lightening speed of modern software delivery. That speed and the processes, people, and tools, that make it happen, are popularly referred to as DevOps.
DevOps describes a tight-knit integeration between the creative process of writing code, and the operational processes of integerating code from multiple developers, compiling or building (where necessary), testing, and releasing to production.
Modern software companies place a high value on being able to release new code to production in minutes.
Like I'm often asked, what then is DevSecOps?
DevSecOps describes the very attainable ideal, that security is seamlessly built into both the creative and operational processes of DevOps. Such that the released software is secure.
Whether you're new to DevSecOps or seeking to deepen your understanding, these 3 resources will be helpful:
DevSecOps.org: A compilation of blogs, how-tos, presentation, and examples for DevSecOps. Most of the content was written a few years ago, but they're still highly relevant.
Awesome DevSecOps Tools: A categorization of different, specialized DevSecOps tools that you can begin exploring today.
Building Security In At Agile Speed: A comprehensive software security book by Resilient's Advisors, Brook Schoenfield and Dr. James Ransome, that describes how to go about building security into any software.
Why Do We Care?
We know DevSecOps, and have even written books about it as described above. Our mission is to partner with software innovators, empowering them to create and release secure software that protects customers and boosts trust. We're uniquely skilled at software security strategy, design, and operations, as-a-service. We meet you where you're at, and leverage over 60 years of combined experience to get you where you need to go.