Francois Raynaud and Kim Carter discuss what’s wrong with the traditional delivery approach and why we need to change. They explore the dangers of retrofitting security to the end of projects, how to combine development, operations, and security people into the same development teams and why, along with cost-benefit analysis. Francois and Kim discuss the cheapest place to deal with defects, challenges facing organizations looking to combine the three skill sets within their development teams, moving security up front, as well as changing traditional thinking.
Show Notes
Related Links
- Episode 247: Andrew Phillips on DevOps
- Episode 221: Jez Humble on Continuous Delivery
- Episode 268: Kief Morris on Infrastructure as Code
- Episode 276: Björn Rabenstein on Site Reliability Engineering
- DevSecOps.org
- Awesome DevSecOps
- DevSecCon
- OWASP Summit
- Guest Twitter: @f_raynaud
- Guest Email: [email protected]
I’m glad I’ve listened to this episode. I didn’t know about DevSecOps yet. This is a much better way of doing security compared to what I’ve usually seen at companies, or what I was supposed to do as “security champion”.