DevSecOps
DevSecOps is short for Development, Security and Operations. It is a
framework that automates the integration of security practices into
every phase of the software development lifecycle, rather than
treating security as a separate gate at the end.
DevSecOps is not the responsibility of a single person or team; it is
as much about culture change as about process and tools. It promotes
autonomy of teams, the shift-left mentality, continuous security
testing, observability, security as code, collaboration, visibility
and transparency. Done well, DevSecOps reduces the number of
vulnerabilities that reach production, increases test coverage, and
makes auditing and monitoring easier because security checks leave an
automated, repeatable record.
Shifting Left
In software development, issues and vulnerabilities are often
discovered late, when there is not enough time to remediate them
before the next version or feature ships. Under pressure to keep up
with customer needs, security is at risk of being left behind.
Building security in from the start and making security testing part
of the development lifecycle increases the chances of addressing
problems promptly. Implementing security measures during all stages
of the development lifecycle (shifting left), rather than only at the
end of the cycle, helps ensure the software is designed with security
best practices built in.
Detecting security flaws early in development keeps remediation costs
low: a finding raised on a pull request is fixed in that change, with
no need to roll back or hot-patch a release that already shipped.
This reduces cost, builds trust, and improves both the security and
the quality of the product.
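The following is an added example, not part of the original notes,
of what "security as code" and shifting left look like in practice:
a small gate script that runs the same checks from a developer's
pre-commit hook and from CI, so a hardcoded credential or an
unpinned dependency is flagged on the change that introduces it
rather than in a later audit. The rule set is deliberately tiny and
the repository contents are constructed for the example; real
pipelines would call dedicated scanners (secret scanners, dependency
auditors, SAST) behind the same kind of gate.

```python
"""Minimal shift-left security gate (illustrative, not a real scanner).

Run locally as a pre-commit hook and again in CI; both use the same
rules, so findings appear before merge instead of after release.
"""
import re
import sys
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    line: int
    rule: str
    detail: str


# Deliberately small rule set; real secret scanners ship hundreds of
# patterns. The AWS pattern matches the documented key-id format.
SECRET_RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "generic-password-assignment": re.compile(
        r"(?i)(password|passwd|secret)\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

# "requests==2.31.0" is pinned; "flask" or "pyyaml>=6" is not, which
# makes builds non-reproducible and hard to audit for known-vulnerable
# versions.
PINNED_REQ = re.compile(r"^\s*[A-Za-z0-9_.\-\[\]]+\s*==\s*[0-9][^\s#]*")


def scan_for_secrets(path, text):
    """Return one Finding per (line, rule) hit in the given file text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_RULES.items():
            if pattern.search(line):
                findings.append(Finding(path, lineno, rule, line.strip()))
    return findings


def check_pinned_requirements(path, text):
    """Flag every dependency line that is not pinned with '=='."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        # Skip blanks, comments and pip options such as "-r base.txt".
        if not stripped or stripped.startswith("#") or stripped.startswith("-"):
            continue
        if not PINNED_REQ.match(stripped):
            findings.append(Finding(path, lineno, "unpinned-dependency", stripped))
    return findings


def run_gate(files):
    """files: mapping of repo path -> file contents. Returns all findings."""
    findings = []
    for path, text in files.items():
        if path.endswith("requirements.txt"):
            findings.extend(check_pinned_requirements(path, text))
        findings.extend(scan_for_secrets(path, text))
    return findings


# Constructed sample repository contents for the example. The AWS key id
# is the placeholder value used in AWS documentation, not a real credential.
SAMPLE_REPO = {
    "app/config.py": (
        "DB_HOST = 'db.internal'\n"
        "DB_PASSWORD = 'hunter2hunter2'\n"
        "AWS_KEY = 'AKIAIOSFODNN7EXAMPLE'\n"
    ),
    "requirements.txt": (
        "# runtime deps\n"
        "requests==2.31.0\n"
        "flask\n"
        "pyyaml>=6\n"
    ),
}


def main(files=SAMPLE_REPO):
    """Print findings in a grep-like format; non-zero exit fails the build."""
    findings = run_gate(files)
    for f in findings:
        print(f"{f.path}:{f.line}: [{f.rule}] {f.detail}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

Wired in as a pre-commit hook, the non-zero exit blocks the commit on
the developer's machine; the identical script in CI blocks the merge
if the hook was skipped. Keeping one implementation for both places
is the point: the check is code, versioned alongside the application,
and the same result is produced wherever it runs.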
Recommended training:
- TryHackMe: DevSecOps Learning Path;
- Practical DevSecOps: DevSecOps Professional course.