Archive: 2018-01

According to DevSecOps: Early, Everywhere, at Scale, a survey published by Sonatype, "Mature DevOps organizations are able to perform automated security analysis on each phase (design, develop, test) more often than non-DevOps organizations." Since DevOps enables strong collaboration and automation of the process and enforces traceability, mature DevOps organizations are more likely to perform automated security analysis than non-DevOps organizations. My previous blog post, Microcosm: A Secure DevOps Pipeline as Code, helped address the problem that most organizations do not have a complete deployment pipeline in place (and are therefore not considered to be DevOps mature) by automating penetration tests of software applications and generating HTML reports as part of the build process through the Jenkins CI service. In this follow-up blog post, I explore the use of a service evolution of Microcosm as a simple one-stop shop for anyone interested in learning how to implement a DevSecOps pipeline.

Data analysis is complex and, at times, overwhelming. Automation increases an analysis team's ability to continuously improve their process. Specifically, the automation of software is the best way to manage all of the iteration and repetition that proper data analysis requires. DevOps is the perfect fit when planning a project that requires software, automation, and collaboration. In particular, DevOps improves all aspects of the data analysis process, allowing teams to automate all of its software-based aspects and to collaborate effectively with all project stakeholders. In this blog post, I explore the ways in which DevOps improves data analysis.

When it comes to customer-facing information technology services, traditional enterprise organizations tend to favor stability over change. According to a Netcraft survey from March of last year, there were 185 million web sites hosted by Windows 2003, an operating system that has been out of support since July 2015. Many of these servers are still running because of the "if it isn't broken, don't fix it" motto. While reducing software and system churn would seem like the best way to promote stability, it can eventually harm application security and stability. This blog post explores some basic DevOps practices that will improve application security while helping to maintain a stable operating environment.