Rob Cuddy and Colin Bell highlight that DevSecOps is not the same thing as continuous security—and that the latter requires real attention and focus.
The biggest focus of DevSecOps has been on getting security into the development pipeline (as well as every part of the process). As 2020 has rolled forward, the pandemic highlighted the importance of security in every person’s role. That’s something that hasn’t always been as obvious to everyone.
While DevSecOps is on the rise, continuous security isn’t there yet. The focus is on getting testing into the pipeline, and there’s so much more to do there. To be clear, pipelines are great, but if bad things go into the pipeline, success won’t come out of it.
Where is Security Today?
Security gets organized around the standard agile development phases:
The automation space is where today’s shift-left mentality has gotten incredibly prominent, with flavors of code analysis tools and myriad other…