“According to an ESG survey, DevOps, without an embedded security process, produces some uncomfortable results. For instance, 45% of software releases didn’t go through any security checks or testing, while 35% of new builds are deployed to production with misconfigurations, vulnerabilities or other security issues.
One reason (34%) for these dismal results? Security can’t keep up with the cadence of software releases. To improve these results, something must change, and one impactful change is incorporating continuous threat modeling into the DevOps flow.”
What’s been your experience with DevSecOps and integrating security into development? One good experience I had was working at Automox with a CISO who described himself as “the most business friendly CISO you’re ever going to meet”. He’s now head of security at Zoom so that strategy has been wonderful for his career. And it was a pleasure to work with him on company security concerns.
Any success or horror stories you have to share?