From the course: DevSecOps: Tips for Success
Bring auditors to the DevSecOps party
- [Instructor] Just so we don't bury the lede, DevSecOps includes governance, risk, and compliance, which I've shorthanded here just to be audit. Now, it's tempting to leave out audit functions from the DevSecOps journey. But that is shortsighted, and it doesn't represent the sharing and collaboration we like to engender with our DevSecOps efforts. You may have heard this one before. Separation of duties means you can't do DevSecOps. Separation of duties is often a control implemented to stop errors and fraud in the system. Practices like continuous delivery and models where the developer who wrote the code is now responsible for deploying the code seem antithetical to the separation of duties model. Usually the way to deal with this is to show that developers don't deploy their own code, they use an automated system to do so. The system only deploys the code if all of the requirements are satisfied. The tests are passed,…
Contents
- Be a maker for DevSecOps (4m 37s)
- Use developer tactics for security (5m 9s)
- Focus on experiments that learn (3m 31s)
- Apply security automation for DevSecOps joy (4m 46s)
- Learn from safety experts (4m 22s)
- Add in chaos for better security results (4m 31s)
- Build a sharing culture for security (4m 9s)
- Bring auditors to the DevSecOps party (3m 24s)
- Find a rugged path for software (4m 13s)
- The MEASURE for DevSecOps (4m 47s)