In a world of continuous everything, each discipline has to find ways to deliver value fast and reliably. Business people need to adapt to an ever-changing world, developers need to deliver software many times per day, and operations need to provide highly available infrastructure on demand. Stein Inge Morisbak and Erlend Oftedal explore how to integrate security into this work stream.
Reviewing every code change by hand quickly becomes impractical. Integrating security tools into the development cycle is hard when you need to surface real security issues without drowning the team in noise. Automation as close as possible to the point where code is written is key to catching vulnerabilities before they ship. But how does one go about automating security? And even when you have done your best not to introduce vulnerabilities into production, you are only halfway there.
Development, test, and QA are not hostile environments when it comes to security. The real test only begins once you have hit production. Stein Inge and Erlend present their experiences with security work on a team that delivers continuously, describe the state of continuous delivery and how it affects security work, and offer some recommendations for the future.
Stein Inge Morisbak is Manager and Head of Bekk Consulting’s commitment to Continuous Delivery, DevOps and Cloud. He considers himself a cross-disciplinary technologist and has 20 years of experience both contributing to and helping others become better at producing excellent software together. He is also an experienced conference speaker, an organizer of DevOpsDays Oslo and the founder of the DevOps Norway Meetup.
Erlend Oftedal is an experienced security consultant and developer currently working as CTO at Blank Oslo. He has worked as a developer and secure coder for over 10 years. He is an experienced speaker and the OWASP Norway chapter lead.
©2016, O’Reilly UK Ltd. All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.