Working Group

DevSecOps

Introduction

Businesses now require stronger collaboration between the development, security and operational functions. This addition of security creates DevSecOps. In the past, security needs were either skipped or addressed only after applications were deployed or, worse, after security vulnerabilities were exploited. Such an approach increased risks to the deployment and contributed to a more hostile relationship between security and the development and operations teams. DevSecOps focuses on creating a transparent and holistic management approach that leverages the synergies between the development, security and operational functions, making way for a proactive and agile security stance. By addressing cultural changes within the workforce and adhering to a new combination of tactics, security can become a functioning part across all life cycles and developments.

Artifacts

The Six Pillars of DevSecOps: Collective Responsibility

The DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with...

Six Pillars of DevSecOps

In our current state of cyber security, there has been a large growth of application flaws that bypass the continuing addition of security fr...

Information Security Management through Reflexive Security

This document defines “Reflexive Security” as a new security management approach that is built upon the interrelationships between security, ...

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.