Once again this year staging-devopsy.kinsta.cloud along with Sonatype, The Nexus Community, Gene Kim, Josh Corman and Mark Miller are producing DevOps Connect: Rugged DevOps @ RSA Conference. The full day event takes place at the Moscone Center on the Monday of RSA Week, February 29 (it only comes once every 4 years), 2016. After the […]
Rugged DevOps: Good, Bad & Ugly
The Good: DevOps has been a success for Dev. With higher expectations, better processes, more management focus and new tools like advanced PaaS and containers, developers are churning out more and more software faster than ever. Success! Or is it? The Bad: DevOps has been a success…for Dev. For Dev teams, this may result in […]
Making the Case for Secure, Defect-Tested Software Development
Creating a software security initiative in any organization is no easy feat. Oftentimes, organizational culture or politics can provide development managers with a strong counterargument for implementing software security concepts. Unfortunately, building software without a consideration for security has become a less viable option given the increase in compliance pressures and widely publicized data […]
Getting Rugged DevOps Right
Two Perspectives: Jack, an accomplished application security pro, tells me, “The developers won’t talk to us. It’s like we speak a different language. They are releasing new builds so fast, how could they check each one for security vulnerabilities? We can’t move as fast as they do.” Then in the next moment, Diane, a DevOps […]
DevOpsSec: Survival is Not Mandatory
Deming, the patron saint of DevOps, once advised, “It is not necessary to change. Survival is not mandatory.” To survive, application development teams are constantly pressured to deliver software even faster. But fast is not enough. The best organizations realize that security, quality and integrity at velocity are mandatory for survival. Hence, DevOpsSec. My aim […]
All Systems Fail*
Vince Lombardi once said, “It’s not whether you get knocked down, it’s whether you get up.” But in today’s world of high velocity development and release practices, it’s also about how fast you can get up. Today, we are seeing more news about sites from major online retailers and service providers like HP, Target, PayPal […]
DevOpsSec: 1 in 16 Chances
The quantitative research summarized below, covering over 7,000 repositories across nearly 100 countries, highlights some of the challenges with quality at modern development velocities, especially important for DevOpsSec practices. By leveraging automation in your repository manager, you can improve application quality and reduce unplanned work while lowering exposure to risk. While this practice supports DevOpsSec initiatives, at […]
The Software BOM Squad
In my previous post, “When Good Code Goes Bad”, I shared new research showing the average large development organization consumes over 15,000 known vulnerable and defective components annually. While we can’t stop software from going bad, there are practices from traditional manufacturers that we can use to improve our ability to recall and fix the “bad” […]
The Cost to DevOps: 27 Mufflers
Imagine that you are designing the 2016 Range Rover line of sport utility vehicles. Like all gas-powered vehicles, each one needs an exhaust muffler. Range Rover likely has narrowed in on a preferred provider of mufflers. But imagine what would happen if the designers and factory line workers could pick from any one […]
Bring Your Own Exploit
Here’s a simple question: for each tool that your organization uses, have you (or someone else on your DevOps team) changed the default passwords? That should be a no-brainer, shouldn’t it? Of course you changed them! Or at least you changed them for the tools that looked like they would have default passwords. Well, OK, […]










