[Trustable-distros] 92 Percent of Enterprises Struggle To Integrate Security Into DevOps
Edmund Sutcliffe
edmund.sutcliffe at codethink.co.uk
Mon Aug 20 09:10:37 BST 2018
I'm weary of these statements. There is a whole growing discipline
called DevSECOPS
http://www.devsecops.org
which is yet again trying to differentiate itself from everything else
with yet another group of certifications and audit methods.
https://www.devseccon.com/london-2018/
and certainly those certified would disagree with the numbers. I've
noticed with two financial clients recently that they now have competing
teams between the DevOPS and DevSECOPS teams who are in effect at war
with one another. And the increasing term of Site Reliability
Engineering (SRE) becoming yet a 3rd term for what is covered in both
DevOPS/SecOPS and production engineering with metrics.
The Checkmarx team, the sponsor of the article, are in the business
of selling yet again more static analysis tools, and some simple
Findbugs-like approaches.
There are others trying to do the same including the recently purchased
by CA, Veracode, and HP Fortify.
The interesting point to me is that in fact neither the DevOPS nor
SECOPS people are collecting metrics while increasingly the Site
Reliability Engineering teams are increasingly collecting measures and
trying to use these to see if they are improving things. Sadly these
metrics often are arbitrary and not aligned against business objects but
progressing the SRE team...
Edmund
On 2018-08-17 04:25, John Ellis wrote:
> https://betanews.com/2018/08/07/enterprise-devops-security/
>
> Very scary.
>
> jte
> --
> Sent while moving from Point A to Point B. Excuse any typos.