In our latest episode of AppSec Decoded, we explore the main drivers of DevSecOps adoption as noted in the BSIMM11 report.
Keeping up with consumer demand and market competition requires faster product development and time to market. But what good is a shiny new device if its embedded software is vulnerable to an attack?
Enter DevSecOps. This relatively new term in the application security space is about introducing security earlier into the software development life cycle (SDLC) by making security a shared responsibility across development, operations, and security teams. These teams address security and quality issues as the code is being developed, with the help of processes and application security testing tools. The result: security weaknesses and vulnerabilities are identified earlier, when it’s cheaper and faster to fix them.
The Building Security in Maturity Model (BSIMM), an annual report that tracks the evolution of software security initiatives (SSIs), noted the prevalence of DevSecOps in today’s standard practices. What’s driving this adoption? The report points to automation, treating security as part of quality, and SSIs moving from a top-down model to a grassroots model as three main drivers.
In our latest episode of AppSec Decoded, Taylor Armerding, Synopsys security advocate, discusses the main drivers of DevSecOps adoption based on the findings from the BSIMM11 report.