DevSecOps is short for development, security, and operations. Its main aim is to ensure everyone is accountable for security with the objective of implementing security decisions and actions at the same scale and speed as development and operations decisions and actions. DevSecOps helps bridge traditional gaps between IT and security.
DevSecOps is an extension of DevOps, which brought together development and operations (as well as quality assurance) teams to cross-functionally communicate and work together throughout the software development lifecycle (SDLC). The DevOps environment allows software development to move more rapidly between the stages of building, testing, and releasing software. After software release, DevOps tools and quality-assurance people and procedures continue to monitor the performance and end-user experiences to address problems and then initiate new releases.
As web application development within Agile environments has increased, the need to bring security into the DevOps equation has also grown. Software development is much quicker in an Agile environment, so without proper security practices, undetected vulnerabilities can spread further and faster. With more entry points (due to more web applications) exposed to attack, the frequency of attacks also increases. Thus DevSecOps seeks to open cross-functional organizational structures and communications to include web and application security throughout the SDLC and the post-release lifespan. Just as DevOps sought to lower the failure rate of the product, DevSecOps seeks to lower the number of vulnerabilities and shorten the time from detection to fix. With a DevSecOps framework, security threats and vulnerabilities are detected far earlier, and security fixes are deployed far faster.
The benefits of DevSecOps can include:
- Early identification of vulnerabilities in code
- Better collaboration and communication among teams
- An ability to respond to change and needs rapidly
- Greater speed and agility for security teams
- More opportunities for automated builds
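The first and last benefits above (early identification of vulnerabilities in code, and automated builds) usually meet in a pipeline gate: a check that runs on every commit, compares what the build is about to ship against known advisories, and blocks the merge when the policy threshold is exceeded. The following is an added example written for this glossary entry, not code from the page's author or from any specific tool. The manifest, the package names and the advisory feed are all constructed sample data; a real pipeline would pull the feed from a vulnerability database and read the manifest from the repository.

```python
"""
Minimal "shift-left" security gate of the kind a DevSecOps pipeline runs on
every commit: parse the dependency manifest, compare pinned versions against
an advisory feed, and return a verdict the CI job can act on.

Everything below (manifest, package names, advisories) is constructed
sample data for illustration, not real packages or real advisories.
"""
from dataclasses import dataclass

# Constructed dependency manifest in the pip "requirements.txt" style.
SAMPLE_MANIFEST = """\
# web service dependencies (constructed example)
webframework==2.3.1
jsonparser==1.0.4
imagelib==0.9.0
"""

# Constructed advisory feed: package -> [(affected_below, fixed_in, severity)].
SAMPLE_ADVISORIES = {
    "jsonparser": [("1.1.0", "1.1.0", "high")],
    "imagelib": [("1.2.0", "1.2.0", "critical")],
}

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Finding:
    package: str
    installed: str
    fixed_in: str
    severity: str


def parse_version(v: str) -> tuple:
    """Turn '1.2.3' into (1, 2, 3) so versions compare numerically, not lexically."""
    return tuple(int(part) for part in v.split("."))


def parse_manifest(text: str) -> dict:
    """Return {package: pinned_version}; reject unpinned lines so builds stay reproducible."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned dependency not allowed: {line}")
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def scan(pins: dict, advisories: dict) -> list:
    """Match each pinned package against the advisory feed; collect affected ones."""
    findings = []
    for name, version in pins.items():
        for affected_below, fixed_in, severity in advisories.get(name, []):
            if parse_version(version) < parse_version(affected_below):
                findings.append(Finding(name, version, fixed_in, severity))
    return findings


def gate(findings: list, fail_at: str = "high") -> bool:
    """True means the build may proceed; False means block it (policy: fail at >= fail_at)."""
    threshold = SEVERITY_RANK[fail_at]
    return not any(SEVERITY_RANK[f.severity] >= threshold for f in findings)


def run_gate(manifest_text: str = SAMPLE_MANIFEST,
             advisories: dict = SAMPLE_ADVISORIES,
             fail_at: str = "high"):
    """Run the whole check and return (build_allowed, findings)."""
    findings = scan(parse_manifest(manifest_text), advisories)
    return gate(findings, fail_at), findings


if __name__ == "__main__":
    allowed, findings = run_gate()
    for f in findings:
        print(f"{f.severity.upper():8} {f.package}=={f.installed} -> upgrade to {f.fixed_in}")
    print("BUILD", "PASSED" if allowed else "BLOCKED")
    # Non-zero exit is what makes the CI stage, and therefore the merge, fail.
    raise SystemExit(0 if allowed else 1)
```

The policy threshold (`fail_at`) is the knob security and development teams agree on together, which is the DevSecOps point: the rule is explicit, versioned with the code, and enforced automatically rather than by a review at the end of the cycle.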