User:Kermit2/DevSecOps

DevSecOps, a clipped compound of DevOps and security, is a computer software development methodology which aims to integrate computer security into every aspect of a software development life cycle from design to development, testing, production, and ongoing operations.^[1] The goal of DevSecOps is to create an environment where building, testing, and deploying software can occur rapidly, frequently, and securely.^[2]^[3]

Background

DevSecOps refers to the discipline and practice of safeguarding the entire DevOps environment through strategies, policies, processes, and technology.^[4] Reducing technical debt with early security involvement is a key DevSecOps imperative.^[5]^[6]

A growing consensus acknowledges the impossibility of perfect attack prevention.^[7] ^[8] To prepare for the eventuality of a breach or insider threats, DevSecOps practices rely on rapid detection and response as the primary tools for feedback and improvement.^[9] Solutions for rapid threat detection and incident investigation increasingly focus on behavioral anomalies (instead of attempting to identify and prevent known attacks), and are available for endpoints^[10] as well as cloud implementations.^[11]

References

^ DevSecOps: How to Seamlessly Integrate Security Into DevOps, ID F00315283 (Report). Gartner. 9 September 2016.
^ "DevSecOps: What it is and how it can help you innovate in cybersecurity".
^ "DevSecOps teams securing cloud-based assets: Why collaboration is key".
^ "DevOps Security and Best Practices". BeyondTrust. 6 March 2018.
^ "Architectural Technical Debt". Carnegie Mellon Institute. 9 September 2016.
^ "Early Software Vulnerability Detection". Carnegie Mellon Institute. September 2016.
^ "Good cybersecurity doesn't try to prevent every attack". Harvard Business Review. 25 October 2016.
^ "Resistance is futile" (PDF). ISACA. March 2016.
^ "Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps".
^ "What endpoint detection and response definition". September 2016.
^ "Exceptional Insights into cloud entities and their interactions" (PDF). June 2017.

External links

Category:Software development process Category:Information technology management Category:Computer security models

This computer security article is a stub. You can help Wikipedia by expanding it.

[1] DevSecOps: How to Seamlessly Integrate Security Into DevOps, ID F00315283 (Report). Gartner. 9 September 2016.

[2] "DevSecOps: What it is and how it can help you innovate in cybersecurity".

[3] "DevSecOps teams securing cloud-based assets: Why collaboration is key".

[4] "DevOps Security and Best Practices". BeyondTrust. 6 March 2018.

[5] "Architectural Technical Debt". Carnegie Mellon Institute. 9 September 2016.

[6] "Early Software Vulnerability Detection". Carnegie Mellon Institute. September 2016.

[7] "Good cybersecurity doesn't try to prevent every attack". Harvard Business Review. 25 October 2016.

[8] "Resistance is futile" (PDF). ISACA. March 2016.

[9] "Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps".

[10] "What endpoint detection and response definition". September 2016.

[11] "Exceptional Insights into cloud entities and their interactions" (PDF). June 2017.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

Background

See also

References

External links