Anshul Lalit
If you’re doing DevOps correctly then DevSecOps is already a part of it. Do you agree? If yes/no, why?
Marc Cluet #BLM
Yes, it should be part of it, otherwise you're just creating another silo #DevSecOps #DevOpsInstitute #SKILupDay
savinderpuri
Absolutely. But it gets more attention if you call it DevSecOps :-)
Daysha DevOps
100%
Jack Maher MSIS, PMP, DOL, CAL, SRE
I'd say that you can't say you're doing Continuous Delivery if you really can't release your code.
Siddharth
Not agree though, as correctly doing #DevOps means different things to different people. Maybe security is not part of it and next best thing to be focused on. #DevSecOps
Vishnu Vasudevan
Not really. Static code scanning, dynamic code scanning and container scanning need to be mandated with thresholds managed by the CISOs, while also not taking the control from the engineering teams. If there are no thresholds, developers can push it to prod by mistake/error.
Helen Beal 🐝
Yes I would BUT DevOps didn't have a very good record of bringing security peeps to the party - for me, it's the opportunity to rightsize the effort that was neglected and sometime, hopefully, it'll fade away. But it's a big topic and there's still a lot of learning
felipe dueñas
Yes, but it is important to measure
Mark Peters
Yes, but only if teams agree security is part of value process. Compliance needs also often call for specialized experts and audit.
Daysha DevOps
and that includes security requirements in the backlog and treated as equal with features #SKILupDay #DevSecOps
Anshul Lalit
Great response, @bealhelen
Vishnu Vasudevan
@TinyCyber With digital transformation and cloud journey, security must be part of the process and it cannot be left out or cannot be an afterthought.
Helen Beal 🐝
Thanks Anshul :-)
Manny Varela
Yes, but "Continuous Monitoring" is essential!
Mark Peters
@vishnube Needs to be more than just scans. Teams have to understand why that process matters and where. Too easy to set scan for passing.
Mark Peters
@vishnube Agreed. Often teams feel like new feature overweighs security checks. We've done two releases without sec fixes because. Well. FEATURE!