Phil Kernick, co-founder and CTO of cybersecurity specialist CQR Consulting, has no fundamental problem with DevOps, but asks, from a security perspective, “How many people do it right?” If DevOps is going to work and produce secure systems, then developers must take responsibility for security. It’s not something that can be treated as an additional […]
Has DevOps Caused the Re-emergence of Shadow IT?
Shadow IT is back, and this time, it’s in the DevOps toolstack “One of our clients conducted an audit and found more than 10,000 Jenkins instances across their IT landscape!” This remark from a tooling vendor that helps enterprises centralize their continuous integration infrastructure really took me by surprise. For starters, I was impressed how […]
Cloud Services Demand Security Up the DevOps Stack
In the era of soaring use of public cloud by companies, software delivery is moving away from an on-premises install approach to a cloud-based subscription model through software as a service (SaaS). Customers expect a lot when it comes to SaaS products and services. Whether they are investing in SaaS-first offerings or shifting workloads to […]
DevOps Chat: Developers and Security with Pete Chestna, Veracode
In this DevOps Chat we speak with Pete Chestna of Veracode about the roles and opinions of both developers and security pros about how and who should be working on security in the enterprise. Much of the discussion centers on a survey Veracode conducted with consulting firm Enterprise Strategy Group (ESG). Pete is always a […]