Snyk’s  State of DevSecOps 2020

Snyk’s State of DevSecOps 2020

Since Puppet’s State of DevOps report in 2019 we noticed a correlation in the maturity of DevOps and the 22% of firms at the highest level of security integration, which are considered “advanced” in the DevOps evolution. Now Snyk’s report gives additional insights. For example, 31% of respondents aren’t tracking any application
dependencies and only 14% test for known vulnerabilities in container images.

SecurityWeek : The Fundamentals of Developing Effective DevSecOps

SecurityWeek : The Fundamentals of Developing Effective DevSecOps

“The security risks inherent in today’s intricate interactions between multiple technology layers, coupled with the globally interconnected and always-on nature of today’s applications, have been compounded by vulnerabilities lying dormant in systems, software, and hardware,” says John Yeoh, VP of research for the Cloud Security Alliance (CSA). “The result is a field ripe for picking by malicious parties across the world.”

The solution is to expand from DevOps to DevSecOps; but achieving a genuine DevSecOps environment is not easy. Speed in code generation (DevOps) is a different requirement to security in code generation, and one can hinder the other. Simply bolting security on to DevOps without full integration is little more than keeping security in its own separate silo.