Michelle Ribeiro - Learning DevSecOps: Integrating Continuous Security Across Your Organization


Michelle Ribeiro, Learning DevSecOps: Integrating Continuous Security Across Your Organization
  • Book: Learning DevSecOps: Integrating Continuous Security Across Your Organization
  • Author: Michelle Ribeiro
  • Publisher: O'Reilly Media
  • Year: 2024
  • Rating: 3 / 5


Learn how to implement continuous security throughout your entire software development and delivery pipeline. With this hands-on book, developers, SREs, tech leads, and security engineers will learn how to combine their security process with their DevOps culture. You'll gain a thorough understanding of the best DevSecOps practices, from the construction of safer container images to the hardening of orchestrators to the methods for securing your cloud environment. Michelle Ribeiro, CEO of SPIRITSEC, shows you how to introduce security into DevOps culture, methodologies, and tools. You'll learn how to take advantage of contrasting security and DevOps cultures to build an effective DevSecOps program. You'll also explore the four Cs of the cloud native security model (code, container, cloud, and cluster security) by following coded examples.

  • Get a review of the current threat environment to learn why security is becoming part of the DevOps movement
  • Build an effective DevSecOps program by bridging the gap between the InfoSec and DevOps cultures
  • Integrate security into the rapid-release cycles typical of modern software application development and delivery
  • Secure your code, containers, clusters, and the cloud
  • Avoid common DevSecOps mistakes by looking at case studies from Netflix, Facebook, and HSBC


Learning DevSecOps

by Michelle Ribeiro

Copyright 2021 SPIRITSEC. All rights reserved.

Printed in the United States of America.

Published by O'Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.

O'Reilly books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles ( http://oreilly.com ). For more information, contact our corporate/institutional sales department: 800-998-9938 or corporate@oreilly.com .

  • Editors: Corbin Collins and Mary Preap
  • Production Editor: Katherine Tozer
  • May 2022: First Edition
Revision History for the Early Release
  • 2021-06-21: First Release
  • 2021-09-10: Second Release
  • 2021-12-09: Third Release

See http://oreilly.com/catalog/errata.csp?isbn=9781098106942 for release details.

The O'Reilly logo is a registered trademark of O'Reilly Media, Inc. Learning DevSecOps, the cover image, and related trade dress are trademarks of O'Reilly Media, Inc.

The views expressed in this work are those of the author, and do not represent the publisher's views. While the publisher and the author have used good faith efforts to ensure that the information and instructions contained in this work are accurate, the publisher and the author disclaim all responsibility for errors or omissions, including without limitation responsibility for damages resulting from the use of or reliance on this work. Use of the information and instructions contained in this work is at your own risk. If any code samples or other technology this work contains or describes is subject to open source licenses or the intellectual property rights of others, it is your responsibility to ensure that your use thereof complies with such licenses and/or rights.

This work is part of a collaboration between O'Reilly and F5 Networks / NGINX. See our statement of editorial independence.

978-1-098-10694-2

Chapter 1. Introducing DevSecOps
A Note for Early Release Readers

With Early Release ebooks, you get books in their earliest form: the author's raw and unedited content as they write, so you can take advantage of these technologies long before the official release. If there is a GitHub repo associated with the book, it will be made active after final publication. If you have comments about how we might improve the content and/or examples in this book, or if you notice missing or inaccurate material within this chapter, please reach out to the editor at ccollins@oreilly.com.

DevSecOps is a cultural change aiming to integrate security into the rapid-release cycles typical of modern software application development and delivery, known as DevOps. The ultimate goal of DevSecOps is to have development, security, and operations teams working together to create business value through the fast delivery of secure software using a process of continuous security.

This integration is a concept that the IT industry has long wrestled with but has become possible only today due to the many evolutions the software engineering industry has undergone in the last 20 years. The Agile and DevOps movements promoted the necessary culture and tools needed to bring DevSecOps into life.

This chapter explores what DevSecOps is, what we secure, and the benefits of DevSecOps adoption. It concludes with common misconceptions about the term. I hope that by the end of the chapter, you will be able to understand the difference between DevSecOps, continuous security, and security as code.

The Three Faces of DevSecOps

At QCon 2019, Guy Podjarny, CEO of Snyk, gave a talk titled "The Three Faces of DevSecOps", which I find helpful for illustrating and simplifying the meaning of the term DevSecOps. His argument starts from the observation that DevOps has the following three components:

  1. Culture

  2. Methodologies

  3. Tools

Following on that, in practical terms, DevSecOps simply means the following:

  1. To introduce security into DevOps culture

  2. To secure DevOps methodologies

  3. To secure DevOps tools

Let's examine in detail what each of these components implies.

Introducing Security into DevOps Culture

The cultural aspect, especially the idea of shared ownership that brought Dev and Ops teams to work together, is the keystone of any DevOps program. So, we just need to get InfoSec to the room and wait for better results, right? Perhaps, but in reality, creating this collaborative environment took almost a decade to gain traction.

In my view, it's important to remember that technical transformation takes time, so we can allow our teams to adapt at their own pace. For example, in established organizations with separated groups, I've found it risky to start a DevOps journey and simultaneously put security into the mix. It can be much more costly and time-consuming than it would be in a startup that is beginning from scratch.

To help understand how the IT industry got to this moment, Figure 1-1 illustrates how we used to create software in the old days of the waterfall model, composed of a linear workflow. First, during the Concept and Planning stage, system analysts gathered a list of stakeholders' requirements. Then developers would spend months working on the software's Architecture and Design. Only when the code was fully baked would the IT operations team get involved to begin to prepare for Implementation (usually involving late nights or weekend work).

During the Testing and Bug Fixing phase, the company would conduct several assessments, including application security audits. Then the security auditors would provide a list of vulnerabilities along with a remediation plan, and, you guessed it, the company could take even more valuable time to implement it. Or to release it anyway.

Figure 1-1. Waterfall model's workflow

In 2001 the Agile movement acknowledged the fact that any software project is constantly changing and urged retirement of the idea of a linear workflow. Through the fast and continuous release of software, the Agile development lifecycle allowed developers to receive earlier feedback from their customers and identify problems before the product reached implementation, as shown in Figure 1-2.

Figure 1-2. The Agile development lifecycle indicates the steady flow of feedback

In 2008 Patrick Debois presented the notion of Agile Infrastructure at the Agile Conference in Toronto. He was looking for means to support the development team to accelerate the push of new code into production, a concept also proposed by Andrew Shafer. In 2009, at the O'Reilly Velocity Conference, John Allspaw and Paul Hammond from Flickr gave their now-famous talk entitled "10 Deploys a Day", consolidating the notion that IT operators could be as agile as developers.

Allspaw and Hammond demonstrated that by stimulating a cultural change based on communication and cooperation between the two teams, Flickr automated its infrastructure and reached the process of continuous integration and deployment, as shown in Figure 1-3. At the end of that year, Debois organized the first DevOpsDays conference in Ghent, Belgium. Since then, other DevOpsDays events worldwide have promoted the culture, methodologies, and tools, mainstreaming the term DevOps.
