“Once integrated into the development pipeline, security scans can become so automated that they become second nature”
STEPHEN GATES, SECURITY EVANGELIST, CHECKMARX
As Peter Chestna, North American CISO at Checkmarx, explains, DevOps in general is about flow, fast feedback loops, and experimentation and learning: known as ‘the three ways’ of DevOps.
“The ‘Sec’ in DevSecOps calls attention to security as an important part in both the culture and process,” Chestna says. “The main advantage of DevSecOps is that it enables the quick release of secure software to customers. When done properly, experimentation and learning alongside fast feedback enables continuous improvement, which nets faster releases as well as higher quality and security over time.”
Automation is the key to the kingdom
Automation is at the heart of DevSecOps, with the security tools’ continuous monitoring and testing allowing DevOps teams and security experts to focus on activities that enhance business sense.
DevSecOps removes the overhead of remembering to run security tools and processes. Organisations can set up
technologymagazine.com