Integrating Zero Trust and DevSecOps
• White Paper
Publisher
Software Engineering Institute
Abstract
Zero trust (ZT) and DevSecOps are popular strategies that leverage automation to execute organizational processes and workflows. ZT is a security strategy that uses policy to enforce explicit trust between subjects and resources. DevSecOps is a development strategy that combines tools and agility to continuously develop and operate software. Both strategies are interdependent and require balancing concerns of how services, data, and infrastructure must be shared to achieve efficiency, cost effectiveness, and risk mitigation for continuous authority to operate (cATO). A mission thread that focuses on the lifecycle of an application being developed within a DevSecOps environment is used to provide the context for this discussion.