DevSecOps for US Agencies
NIST exploring possible DevSecOps frameworks for agencies
Nearly half of organizations have delayed deploying containerized apps into production because of security concerns
Security hampers adoption of containers and Kubernetes. According to a StackRox study, more than 90% of respondents have experienced a security incident in deployments in the last year.
Snyk’s State of DevSecOps 2020
Since Puppet’s 2019 State of DevOps report we have noted a correlation between DevOps maturity and security integration: the 22% of firms at the highest level of security integration are the ones considered “advanced” in the DevOps evolution. Now Snyk’s report gives additional insights. For example, 31% of respondents aren’t tracking any application dependencies, and only 14% test for known vulnerabilities in container images.
US DoD is going DevSecOps
You may have already noticed the renewed website of the Chief Software Office of the US DoD. If not, check it out for its DoD Enterprise DevSecOps Initiative!
Avoid getting stuck on security in your DevOps investment
Make security work in your DevOps practice!
How do successful organizations fully integrate security? Read the 2019 State of DevOps report to learn about the strong correlation between DevOps performance and the level of integrated security measures. Thank you Puppet, CircleCI and Splunk!
SecurityWeek: The Fundamentals of Developing Effective DevSecOps
“The security risks inherent in today’s intricate interactions between multiple technology layers, coupled with the globally interconnected and always-on nature of today’s applications, have been compounded by vulnerabilities lying dormant in systems, software, and hardware,” says John Yeoh, VP of research for the Cloud Security Alliance (CSA). “The result is a field ripe for picking by malicious parties across the world.”
The solution is to expand from DevOps to DevSecOps, but achieving a genuine DevSecOps environment is not easy. Speed in code generation (DevOps) is a different requirement from security in code generation, and one can hinder the other. Simply bolting security onto DevOps without full integration is little more than keeping security in its own separate silo.
Significant disconnect between DevOps capabilities and DevSecOps readiness
Lack of DevSecOps integration at retailers shows security is still regarded as separate from the development lifecycle, rather than factored in from the start. https://lnkd.in/eF79KAs
DevSecOps, a CISO’s journey?
How DevSecOps requires CISOs to see cybersecurity as an opportunity to embrace a new program. https://lnkd.in/epZmipx #cybersecurity #devsecops #ciso
Analysis Shows Poor GDPR Compliance in European Websites
A web-scanning service has analyzed the visible GDPR compliance of the 100 most popular websites in each of the 28 European member states.