Working Group

DevSecOps

Introduction

Businesses are now requiring a stronger collaboration between the development, security and operational functions. This addition of security creates DevSecOps. In the past, the security needs were either skipped or only addressed after the deployment of applications, or worse after security vulnerabilities were exploited. Such an approach increased risks to the deployment and contributed towards a more hostile relationship between security and the development and operations teams. DevSecOps focuses on creating a transparent and holistic management approach that leverages the synergies between the development, security and operational functions, making way towards a proactive and agile security stance. By addressing cultural changes within the work force and adhering to a new combination of tactics, security can become a functioning part across all life cycles and developments.

Artifacts

Six Pillars of DevSecOps

Release Date: 08/07/2019

In our current state of cyber security, there has been a large growth of application flaws that bypass the continuing addition of security frameworks to ensu...

Six Pillars of DevSecOps

Information Security Management through Reflexive Security

Release Date: 08/01/2019

This document defines “Reflexive Security” as a new security management approach that is built upon the interrelationships between security, development and ...

Information Security Management through Reflexive Security

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.