Working Group

DevSecOps

Join Group

Introduction

Businesses are now requiring a stronger collaboration between the development, security and operational functions. This addition of security creates DevSecOps. In the past, the security needs were either skipped or only addressed after the deployment of applications, or worse after security vulnerabilities were exploited. Such an approach increased risks to the deployment and contributed towards a more hostile relationship between security and the development and operations teams. DevSecOps focuses on creating a transparent and holistic management approach that leverages the synergies between the development, security and operational functions, making way towards a proactive and agile security stance. By addressing cultural changes within the work force and adhering to a new combination of tactics, security can become a functioning part across all life cycles and developments.

Artifacts

The Six Pillars of DevSecOps: Automation
The Six Pillars of DevSecOps: Automation

Automation is a critical component of DevSecOps because it enables process efficiency, allowing developers, infr...

The Six Pillars of DevSecOps: Collective Responsibility
The Six Pillars of DevSecOps: Collective Responsibility

The DevSecOps Working Group i...

Six Pillars of DevSecOps
Six Pillars of DevSecOps

In our current state of cyber security, there has been a large growth of application flaws that bypass the conti...

Information Security Management through Reflexive Security
Information Security Management through Reflexive Security

DevOps, the practice of applying developmental best practices such as collective collaboration to infrastructure...

Open Peer Reviews

Artifact reviews allow security professionals from around the world to collaborate on CSA research. Provide your feedback on the following documents in progress.