Dev, Sec and Ops — A three-way made in tech heaven

The DevSecOps way

Why?

What?

Security ASAP
  1. Separate teams doing Dev, Ops and Security means that when something goes wrong, the blame is passed around, wasting valuable time, and no lessons are learned.
  2. In a rush to deliver, we push critical fixes to later Sprints, when a jaded dev team might be too high on the go-live success to patch the vulnerabilities effectively.
  3. The rush to deliver — Everybody wants to push the envelope to get things into production. Clients, Product Owners, Managers and other stakeholders want the win yesterday, so there is a constant rush to put code into production ASAP. Good design and efficient code give way to stopgap arrangements in code. Cargo culting introduces further antipatterns.
  4. Not putting enough thought into securing the platform, especially if an organization does not have a Cybersec advisory panel.

How?

Which?

  1. SAST (Static Application Security Testing) — Analyze at rest

SUMMARIZING

Ritesh Shergill
