Managing Developer Velocity and System Security with DevSecOps
Software development teams often face tension between their objectives: correctness and security of the product on one hand, development speed on the other. During a recent customer engagement that involved the development of a continuous-integration (CI) pipeline, developers wanted to develop features and deploy to production, deferring non-critical bugs as technical debt, whereas cyber engineers wanted compliant software and wanted the pipeline to fail on any security requirement that was not met. In this SEI Podcast, Alejandro Gomez, a researcher in the SEI’s CERT Division who worked on the customer project, talks with principal researcher Suzanne Miller about how the team explored, and eventually resolved, the two competing forces of developer velocity and cybersecurity enforcement by implementing DevSecOps practices.
About the Speaker
Alejandro Gomez is a software engineer at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). He has served as a tech lead on multiple DoD projects, bringing technical excellence, bridging communication between management and software teams, and teaching and mentoring other developers. He has constructed Continuous Delivery/Integration software …