Strategies
May 23, 2019

Shifting to DevSecOps Is as Much About Culture as Technology and Methodology

1 min. read
By Preston Hogue

This move to container-based development and agile methodologies has been great for innovation and iteration, but it’s also brought a massive shift in the application landscape with real impact on security teams.

In just the past year or two, DevOps has become much more mature. Today we need to understand risks and implement controls not just for 10 or 20 apps—it’s often hundreds if not thousands.

And while there are many cloud-native companies built for this new world whose entire application ecosystems are born in the cloud, the majority of companies are at different stages. Some may still be doing much less frequent releases, whether that be annual, quarterly or monthly. Some are still trying to manage their transition from waterfall-style development to modern application development with agile practices. Older, larger companies in particular may have a wide-ranging mixture of legacy on-prem and new, cloud-based apps.

But beyond the technology itself, security teams must also change the way they work, adopting agile security practices that reflect the way modern dev teams operate.

Read the full article published April 23, 2019 here: https://www.securityweek.com/shifting-devsecops-much-about-culture-technology-and-methodology by SecurityWeek.

Need-to-Know

Expertly picked stories on threat intelligence

Hundreds of apps will be attacked by the time you read this.

So, we get to work. We obsess over effective attack methods. We monitor the growth of IoT and its evolving threats. We dive deep into the latest crypto-mining campaigns. We analyze banking Trojan targets. We dissect exploits. We hunt for the latest malware. And then our team of experts share it all with you. For more than 20 years, F5 has been leading the app delivery space. With our experience, we are passionate about educating the security community-providing the intel you need to stay informed so your apps can stay safe.

Every

9 hrs

a critical vulnerability—with the potential for remote code execution—is released.