We talk a lot about building a culture in which every employee and department puts digital safety first. Everyone pitching in a little bit means the job gets done more thoroughly. Bringing developers, IT operations and security together in a DevSecOps format helps do that. It includes both processes and culture shifts, all of which add a stitch to a blanket over all three teams. Take a look at the challenges to creating a DevSecOps model and how to solve them.
Who Is in Charge?
Organizations that are still struggling with their efforts to transform from DevOps to DevSecOps won’t be doing so forever. Still, there’s work to be done.
One of the main issues that still stands in their way is a lack of clarity regarding who shoulders the burden of security in a DevSecOps model. For example, over a quarter of devs said in a 2020 survey that they felt security was firmly in their hands with the way their employers’ DevSecOps processes were set up. That’s slightly more than the proportion of testers and ops workers who felt the same way at 23% and 21%.
The situation is different for sec teams, however. Close to one-third (29%) of security workers said that no one team should own defense and that everyone should have a hand in it. Plenty of others said they weren’t happy with the timing of developers’ work to find and fix openings that could lead to risk. More than two-fifths (42%) of security experts said that testing still happens too late in the software development life cycle. A further 31 ..
Support the originator by clicking the read the rest link below.
