The Vulnerability Deluge: How to Dig In
DevSecOps is here to stay—the next iteration in the Agile development, rapid feedback evolution we’re witnessing in software development today. Security is a critical element in this equation. An element that cannot be neglected.
As we’re bearing witness to a dynamically challenging environment, and now with remote work becoming a widespread and ongoing reality, heightened security awareness is not an optional course to be completed for additional credits, but rather a non-negotiable requirement to be taken seriously. Companies expect their developers to provide high-quality, secure code quickly; however, with reduced development timelines and limited resources, the approach around such expectations needs to evolve with the development landscape.
Development teams are looking for help in adapting to these changes. Organizations need guidance in how best to check and validate secure code quickly. Organizations are also looking for the most efficient and effective means to ramp up development velocity as urgency in demand continues to escalate. Automation is the key. But the question of ‘how’ organizations can bring that to life, based on size of operations, development maturity and ramping urgency, is the fundamental aspect of what defines the organizational culture of DevSecOps.
Within this presentation, I will explore strategies in which organizations with varying needs and goals can achieve DevSecOps successfully. While sometimes organizational expectations exceed what is currently available in the market, I will also be sharing real-world examples of how organizational expectations were met with out-of-the-box solutions based on my first-hand experience with customers. I will also share common implementation pitfalls that organizations often encounter at the beginning of their DevSecOps journey.
While I do intend to discuss specific tooling solutions within this presentation, I will not be endorsing any specifically. Rather, this will be an unbiased examination of various technologies and the value they may offer when implementing a DevSecOps approach.
More about Nivedita Murthy
Nivedita Murthy is a Senior Security Consultant at Synopsys. She has been in the AppSec field for 12 years and has been wading through the DevSecOps world for the past 3 years. Before diving into the emerging DevSecOps space, she dabbled primarily in source code reviews, pen testing, vulnerability management and information security policy implementation for Synopsys customers.