Gary Robinson, CEO, Uleska
DevSecOps is the push for security to fit into the success DevOps has created. Since 2015 we’ve been working with 100s of companies on the integration of DevSecOps into software development processes and have seen the troubles, the successes, and the same patterns coming up again and again. Therefore we have collected and are now sharing a Top 10 list of challenges that DevSecOps will need to overcome to truly fulfil its promise and make our lives simpler.
Let’s all repeat to ourselves: “DevSecOps isn’t simple. DevSecOps isn’t hooking in a few APIs into CI/CD. DevSecOps is about giving precise, usable security data, when and where it’s needed.”
Note that in this presentation we very much focus on DevSecOps achieving the same promise as DevOps, i.e. the ability to deliver usable, actionable security within the DevOps or CI/CD pipelines such that the risk to the business is reduced. This means the ‘Sec’ in DevSecOps needs to provide value within the operation and timeframe that DevOps works at. This is a common problem seen in many DevSecOps rollouts.