NIST exploring possible DevSecOps frameworks for agencies
Nearly half the organizations have delayed deploying containerized apps into production due to security concerns
Security hampers adoption of containers and Kubernetes. According to a StackRox study, more than 90% of respondents have experienced a security incident in deployments in the last year.
Since Puppet’s State of DevOps report in 2019, we noticed a correlation in the maturity of DevOps and the 22% of firms at the highest level of security integration, which are considered “advanced” in the DevOps evolution. Now Snyk’s report gives additional insights. For example, 31% of respondents aren’t tracking any application dependencies and only 14% test for known vulnerabilities in container images.
You may have already noted the renewed website of the Chief Software Office of the US DoD. If not, you may check it out for its DoD Enterprise DevSecOps Initiative!
Make security work in your DevOps practice!
How do successful organizations fully integrate security? Read the 2019 State of DevOps report to learn the strong correlation between DevOps performance and the level of integrated security measures. Thank you Puppet, CircleCI and Splunk!
“The security risks inherent in today’s intricate interactions between multiple technology layers, coupled with the globally interconnected and always-on nature of today’s applications, have been compounded by vulnerabilities lying dormant in systems, software, and hardware,” says John Yeoh, VP of research for the Cloud Security Alliance (CSA). “The result is a field ripe for picking by malicious parties across the world.”
The solution is to expand from DevOps to DevSecOps; but achieving a genuine DevSecOps environment is not easy. Speed in code generation (DevOps) is a different requirement to security in code generation, and one can hinder the other. Simply bolting security on to DevOps without full integration is little more than keeping security in its own separate silo.
Lack of DevSecOps integration at retailers shows security is still regarded as separate from the development lifecycle, rather than factored in from the start. https://lnkd.in/eF79KAs
How DevSecOps requires CISOs to see cybersecurity as an opportunity to embrace a new program. https://lnkd.in/epZmipx #cybersecurity #devsecops #ciso
A web-scanning service has analyzed the visible GDPR compliance of the 100 most popular websites in each of the 28 European member states.