Traditionally, information security was a bottleneck in software delivery.
It was either “let’s review everything after the software is done” or “you can’t do anything until it’s approved by security”.
In today’s world of DevOps, neither approach is viable.
In a modern software development life cycle (SDLC), you have to eliminate bottlenecks and release fast and seamlessly.
What’s the solution? DevSecOps.
While Baruch has issues with the name (will discuss!), both Quintessence and Baruch agree that the essence of it, building security into the process and shifting it left, closer to the source, is the right way to go.
They will discuss how it should be done, and what changes are required in the mindset, the culture, and the toolchain of software delivery.
Will DevSecOps improve the experiences and outcomes of dev+ops and information specialists? Stay tuned to know the answer!
But just as testing along the pipeline doesn’t eliminate the risk of bugs in production, DevSecOps doesn’t eliminate security incidents.
And when an incident happens, reacting right and fast is the only way to go.
Managing security incidents correctly is all about the right process, and Quintessence knows what to do.