In this episode, we discuss the accelerated trends in DevSecOps and AppSec tools that can bridge the gap between security and dev teams.
In the software industry, DevOps has become mainstream, and for good reason. It helps development and operations teams produce software products faster—a primary business objective.
But if security isn’t embedded into the DevOps build process—making it DevSecOps—organizations run the risk of releasing production-level code with defects that hackers can exploit.
In this episode of AppSec Decoded, recorded live at RSA 2022 in San Francisco, cybersecurity experts Natasha Gupta, security solutions manager at Synopsys, and Taylor Armerding, security advocate at Synopsys, discuss pandemic-accelerated improvements in DevSecOps. Among them:
How the use of policy as code can help the developer experience, preventing developers from being overwhelmed with findings that may or may not be critical or even relevant to the priorities of an organization
How intelligent orchestration helps bridge the gaps among security, governance, and development teams, letting them implement policy as code in a scalable way
How building a holistic DevSecOps process requires addressing every stage of the software development lifecycle (SDLC) to make it possible to secure code as fast as it is written, conduct the right tests at the right time, and get actionable insight from testing tools to make smart decisions without the clutter of extraneous work
How to measure the business value of an AppSec program with ASOC—application security orchestration and correlation