Beyond Secure Software Development Life Cycle (SDLC) : Moving Towards Secure Dev-Ops

We have heard a lot about secure SDLC (Software Development Life Cycle). So, what next? Everything transforms with time and now is the time for Secure SDLC to be transformed. Secure SDLC is probably going to get metamorphosed into Secure Dev-Ops.

What is Dev-Ops?

Dev-Ops is a software development methodology which focuses on the communication, communication and integration of Developers and IT managers. In short it is an integration between Development and Operations. Historically Development and Operations worked in separate silos. Now with the advent of Agile and focus on releasing new versions in just days the collaboration/integration of development and operations has become an unavoidable truth.

Why is Secure SDLC not enough?

Let’s face the fact: Secure SDLC is not enough. That’s why the industry has adopted Dev-Ops. In order to achieve faster releases,Agile methodologies are the practice of the day. SDLC is gradually getting transformed in Dev-Ops. So it is quite obvious that the need of the day is Secure Dev-Ops and not just Secure SDLC.

( Read More: Top IT Security Conferences In The World )

What is Secure Dev-ops?

Just like the industry has adopted (or is adopting) secure SDLC, we need to do the same with Secure Dev-Ops. In Dev-Ops the communication, Collaboration and integration of Software Developers and IT Operations is the key. Hence this has created new processes to roll out faster releases.

As a part of the secure Dev-Ops program we need to ensure that entire thread of development to release follows the right kind of security practices.

How do you implement Secure Dev-ops?

Secure Dev-Ops would not demand substantially new principles in security. However, it would demand process changes and coordination, understanding between the Development and Operations folks/processes. Some of the basic elements of Secure Dev-Ops would be:

• Nimble security testing
• Secure Coding + Secure Operations+ Secure Collaboration
• Faster communication between Development and Operations on Vulnerability Information
• Faster patching/closure of vulnerabilities
• Defining a process of collaboration between Development and Operation
• Single manager/management system for security during the release cycle

What are advantages of implementing secure Dev-ops?

The following are the benefits of implementing secure Dev-ops:

  • Software features are released quickly and more often
  • Increases trust in your software
  • The customer’s needs are met quickly with highest quality
  • Trust and cooperation built between development and operations team
  • Releases are anticipated, making cost effective and putting less stress on the team.

More:  Want to become a speaker and address the security community?  Click...

Views: 264

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform



CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us


Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */