Groups

Announcement in System Administrator (Windows Linux Unix Apple VMware Oracle EMC Cloud SAP SQL CRM Cisco ITIL SAN)

What are the 10 things that infrastructure & operations leaders need to consider when implementing DevSecOps? Find out here: https://bit.ly/DevSecOpsGartner

Integrating security into DevOps to deliver "DevSecOps" requires changing mindsets, processes and technology. Security and risk management leaders must adhere to the collaborative, agile nature of DevOps to be seamless and transparent in the development process, making the Sec in DevSecOps silent.

Security and risk management (SRM) leaders tasked with ensuring application and data security should:

- Integrate security and compliance testing seamlessly into DevSecOps so that developers never have to leave their continuous integration or continuous deployment tool chain environment.
- Scan for known vulnerabilities and misconfigurations in all open-source and third-party components. Ideally, build out a complete bill of materials using software composition analysis.
- Stop trying to remove all unknown vulnerabilities in custom code, which increases false positives. Instead, focus developers on those with the highest severity and confidence.
- Be open to using new types of tools and approaches to minimize friction for developers (such as interactive application security testing [IAST]) to replace traditional static and dynamic testing.

Get the Gartner Research Report Here: https://bit.ly/DevSecOpsGartner

© 2018 LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085.