DevSecOps, a clipped compound of DevOps and security, is a computer software development methodology which aims to integrate computer security into every aspect of a software development life cycle from design to development, testing, production, and ongoing operations.[1] The goal of DevSecOps is to create an environment where building, testing, and deploying software can occur rapidly, frequently, and securely.[2][3]


Background


DevSecOps refers to the discipline and practice of safeguarding the entire DevOps environment through strategies, policies, processes, and technology.[4] Reducing technical debt by involving security early in the life cycle, rather than after release, is a key DevSecOps imperative.[5][6]

A growing consensus acknowledges that perfect attack prevention is impossible.[7][8] To prepare for the eventuality of a breach or an insider threat, DevSecOps practices rely on rapid detection and response as the primary tools for feedback and improvement.[9] Solutions for rapid threat detection and incident investigation increasingly focus on behavioral anomalies (deviations from an established baseline of normal activity) instead of attempting to identify and prevent only known attacks, and are available for endpoints[10] as well as cloud deployments.[11]
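The contrast drawn above, between matching known attack indicators and flagging deviations from a learned baseline, is easier to see in code. The following is an added illustration, not code from the article or from any cited vendor: it builds a per-user profile (source /24 networks and hours of activity) from a constructed set of past logins, then scores new events against that profile alongside a plain indicator match. The event data, the blocklist, the scoring weights and the threshold are all assumptions chosen for the example.

```python
"""Behavioral anomaly scoring versus known-indicator matching over login events.

Added example: the events, blocklist and scoring rules are constructed for
illustration and do not come from any real telemetry or product.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from ipaddress import ip_network

# Constructed baseline: past interactive logins as (user, ISO timestamp, source IP).
BASELINE = [
    ("alice", "2024-03-04T09:02:00", "10.1.2.15"),
    ("alice", "2024-03-05T08:55:00", "10.1.2.15"),
    ("alice", "2024-03-06T13:40:00", "10.1.2.31"),
    ("alice", "2024-03-07T16:10:00", "10.1.2.15"),
    ("bob",   "2024-03-04T10:20:00", "10.1.3.7"),
    ("bob",   "2024-03-05T14:05:00", "10.1.3.7"),
    ("bob",   "2024-03-06T11:30:00", "10.1.3.22"),
]

# Constructed events to evaluate against the baseline.
EVENTS = [
    ("alice", "2024-03-18T10:12:00", "10.1.2.44"),       # usual network, usual hour
    ("alice", "2024-03-18T03:27:00", "203.0.113.7"),     # new network, 03:27 local
    ("bob",   "2024-03-18T14:00:00", "192.0.2.99"),      # usual hour, blocklisted IP
    ("svc_deploy", "2024-03-18T12:00:00", "10.1.3.7"),   # account with no history
]

# Constructed "known attack" indicator list for the signature-style detector.
KNOWN_BAD_IPS = {"192.0.2.99"}


@dataclass
class Profile:
    networks: set = field(default_factory=set)  # /24s the user has logged in from
    hours: set = field(default_factory=set)     # hours of day the user was active


def net24(ip: str) -> str:
    """Collapse a source IP to its /24 so small address churn is not an anomaly."""
    return str(ip_network(f"{ip}/24", strict=False))


def build_profiles(baseline):
    """Learn a per-user baseline of source networks and active hours."""
    profiles = defaultdict(Profile)
    for user, ts, ip in baseline:
        profiles[user].networks.add(net24(ip))
        profiles[user].hours.add(datetime.fromisoformat(ts).hour)
    return dict(profiles)


def signature_alerts(events, bad_ips):
    """Known-attack detection: fires only when an event matches a prior indicator."""
    return [(user, ts, ip, "known bad source") for user, ts, ip in events if ip in bad_ips]


def behavioral_score(event, profiles):
    """Score how far one event departs from the user's baseline (assumed weights)."""
    user, ts, ip = event
    profile = profiles.get(user)
    if profile is None:
        return 2, ["no baseline for user"]
    score, reasons = 0, []
    if net24(ip) not in profile.networks:
        score += 1
        reasons.append("new source network")
    hour = datetime.fromisoformat(ts).hour
    if not any(abs(hour - h) <= 2 for h in profile.hours):
        score += 1
        reasons.append("unusual hour")
    return score, reasons


def behavioral_alerts(events, profiles, threshold=2):
    """Raise an alert for events whose deviation score reaches the threshold."""
    alerts = []
    for user, ts, ip in events:
        score, reasons = behavioral_score((user, ts, ip), profiles)
        if score >= threshold:
            alerts.append((user, ts, ip, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    profiles = build_profiles(BASELINE)
    for alert in signature_alerts(EVENTS, KNOWN_BAD_IPS):
        print("signature :", alert)
    for alert in behavioral_alerts(EVENTS, profiles):
        print("behavioral:", alert)
```

On the constructed data the indicator match catches only the blocklisted source, while the baseline comparison flags the off-hours login from an unseen network and the account with no history, neither of which appears on any list. The two detectors are complementary rather than interchangeable, which is why the threshold and weights in a real deployment are tuned against the organization's own false-positive tolerance.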


References

  1. ^ DevSecOps: How to Seamlessly Integrate Security Into DevOps, ID F00315283 (Report). Gartner. 9 September 2016.
  2. ^ "DevSecOps: What it is and how it can help you innovate in cybersecurity".
  3. ^ "DevSecOps teams securing cloud-based assets: Why collaboration is key".
  4. ^ "DevOps Security and Best Practices". BeyondTrust. 6 March 2018.
  5. ^ "Architectural Technical Debt". Carnegie Mellon Institute. 9 September 2016.
  6. ^ "Early Software Vulnerability Detection". Carnegie Mellon Institute. September 2016.
  7. ^ "Good cybersecurity doesn't try to prevent every attack". Harvard Business Review. 25 October 2016.
  8. ^ "Resistance is futile" (PDF). ISACA. March 2016.
  9. ^ "Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps".
  10. ^ "What endpoint detection and response definition". September 2016.
  11. ^ "Exceptional Insights into cloud entities and their interactions" (PDF). June 2017.

Category:Software development process Category:Information technology management Category:Computer security models