DevSecOps in the Year 2018
•
3 gostaram•76,284 visualizações
Call it what you will - DevSecOps, DevOpsSec, Rugged, Agile Application Security, Shift Left Unicorn Dust AppSec,... The face of security is changing. We'll go through the results of the DevSecOps Community Survey and examine the trends. Then we'll lead a group discussion on the topic. How have you tried to make security part of your SDLC? What have you seen work? What hasn't? What's important to you? From Austin OWASP meetup in June 2018
Recomendados
Recomendados
Mais conteúdo relacionado
Mais de James Wickett
Mais de James Wickett (20)
Último
Último (20)
DevSecOps in the Year 2018
- 1. DevSecOps In the Year 2018 James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 2. Who are these people? James Wickett Head of Research @ Signal Sciences Ernest Mueller Director of Engineering Opeations @ AlienVault James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 3. Get the slides: james@signalsciences.com James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 5. bit.ly/devops-courses James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 6. What is this DevSecOps you speak of? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 9. The original DevOps Deep Thoughts were created by the hilarious and awesome Josh Zimmerman (@TheJewberwocky) as Not Jack Handey which is parody of Deep Thoughts by Jack Handey. These DevSecOps Deep Thoughts are not nearly as funny nor deep, but hey what do you expect of a parody of a parody? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 10. DevSecOps is the extension of the DevOps culture for the inclusion of Security James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 11. "Companies are spending a great deal on security, but we read of massive computer-related attacks. Clearly something is wrong. The root of the problem is twofold: we’re protecting the wrong things, and we’re hurting productivity in the process." Thinking Security, Steven M. Bellovin James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 12. For your consideration: Is DevSecOps InfoSec's best chance of survival? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 13. The survey says... James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 15. 2,076 People Responded James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 16. Major Findings from the DevSecOps Community Survey 2018 James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 17. 74% of respondents report mature or growing in maturity of DevOps Practices James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 18. 48% of developers say security is important but dont have enough time to spend on it James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 19. 73% of mature devops shops say breaches drive interest in DevSecOps James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 20. 1-in-3 report breaches are due to web application vulns James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 21. 72% of respondents see security pros in the role of "nag" James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 22. "many security teams work with a worldview where their goal is to inhibit change as much as possible" James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 23. Yet, 91% agree security is part of everyone's role James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 28. Questions for Austin, TX James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 29. We want this to be a conversation. Try to keep the answers to 30s or less to give everyone a chance to get involved in the conversation. James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 30. 1. What do you wish security people would know about DevOps? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 31. 2. What do you wish devops people would know about security? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 32. 3. Have you done or seen done a real win by using DevOps and security together? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 33. 4. What would you like to see to further your DevSecOps efforts? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 34. Questions? James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 35. Get the Report! bit.ly/devsecops-report-2018 James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 36. Get the slides: james@signalsciences.com James Wickett (@wickett) | Ernest Mueller (@ernestmueller)
- 37. Thank You James Wickett (@wickett) | Ernest Mueller (@ernestmueller)