The State of DevSecOps
For years now, IT's mantra has been "move quickly and break things." To increase agility, companies adopted innovative and quick development practices. Great redesigns took place in the wake of DevOps. However, in this rush to implement forward-thinking practices, many teams eschewed security.
No longer can institutions disregard security requirements within their DevOps environment. The repercussions are severe; take the growing number of data exploits as evidence. Experts now agree that the automation, containerization, code management and all other elements within CI/CD workflows must incorporate security best practices from the start.
We all feel security increasingly shifting left. This has birthed DevSecOps, a new practice for incorporating security far earlier on in the software development process. Though DevSecOps is an important concept, many gaps still exist. So, what are these holes? And, perhaps most importantly, how can we initiate DevSecOps without sacrificing time to market? For real-world knowledge, we've polled DevSecOps thinkers for their advice.