This SANS study of security practices in software development focuses on DevOps. The report explores how security fits into DevOps, where the security risks are, and how corporations are managing them.
Can security keep up with rapid iteration in continuous deployment? This study explores the way that forward-thinking organizations keep up with rapid change through DevOps, plus the challenges along the way.
"Shifting left is about including quality and security practices earlier, into requirements, design and coding, instead of relying on acceptance testing and stage-gate reviews to catch mistakes. This comes from the Lean Engineering basis of DevOps: The earlier that you catch and correct mistakes, the more you reduce delivery cycle time and cost. Organizations that leave security to “the right” of the delivery chain force security teams into a corner, without enough time to fix problems before code is delivered."
Involvement of Security Teams in the SDLC