DevSecOps Hub

What is DevSecOps?


DevSecOps refers to the integration of security practices into a DevOps software delivery model. Its foundation is a culture where development and operations are enabled through process and tooling to take part in a shared responsibility for delivering secure software. To understand where this DevSecOps definition comes from, we must first understand the origins of DevOps.


DevSecOps vs DevOps


The difference between DevOps and DevSecOps is, to put it simply, the culture of shared responsibility. DevOps is a concept that has been talked about and written about for over a decade, and many definitions of DevOps have emerged. At its core, DevOps is an organizational paradigm that aligns development and operations practices as a shared responsibility. 


Many would agree that the goal was to create an environment in which business value is created by moving from code to production with a seamless and sustainable flow. With this new model came tools and methodologies that increased the pace and resulted in a bottleneck: traditional security practices, with their slow feedback cycles, inhibited high-pace DevOps practices. As a result, security practices were often accomplished only post-production, or by external teams injected into the process, thus slowing things down.


To make the difference between DevOps and DevSecOps clearer, DevSecOps extends the DevOps culture of shared responsibility to also include security practices. Activities designed to identify and ideally solve security issues are injected early in the life cycle of application development, rather than after a product is released. This is accomplished by enabling development teams to perform many of the security tasks independently within the SDLC. The approach helps minimize the vulnerabilities that reach production, thereby reducing the cost associated with fixing security flaws. It cr ..
