search menu icon-carat-right cmu-wordmark

A Peek Behind the Curtain: Securely Maintaining a Development Platform

In this talk, the authors discuss various components and capabilities of a development platform and consider how to ensure they are securely operated.

Software Engineering Institute


The capacity for software engineers to build secure software has been revolutionized by modern software engineering techniques. Software engineering teams use myriad techniques, including Agile, DevOps, Kanban, Scrum, CI/CD, IaC, and GitOps to name just a few. But to be leveraged effectively by the development teams, each new technique requires a set of new capabilities. The deployment and maintenance of new capabilities are not trivial tasks. Layer on the requirement for operating the capabilities securely, and we’ve opened a whole new can of worms.