Shifting Security Left: The Innovation of DevSecOps

Application security, or AppSec, is hard. For development teams, it often comes into development late in a release cycle and demands changes to the software that seem unreasonable. For the AppSec team, being introduced to a project after the application has been designed and much of the code has been written means there will be […]

Read more
Rethinking Your Measurement and Metrics for Agile and DevOps

One of the key conversations organizations and teams forget about in their transition to agile and DevOps is updating their measurement and metrics plan. Many companies are still using measurements and metrics from the traditional waterfall software development lifecycle. While some of these remain useful, many may not provide value to the team or organization—and […]

Read more
Agile Tips to Make the Most of Conferences

Time spent at a conference is precious, so you should make sure there is a return on that investment. What better way to do so than to leverage agile ideas? Here are a few tips based on the principles behind the Agile Manifesto for getting the most out of attending a conference. Embrace change Like […]

Read more
The Metrics behind High-Performing DevOps Organizations

The 2019 Accelerate State of DevOps report was recently released. This annual research compilation is a great resource to see what’s going on in the world of agile and DevOps. The report evaluates organizations against five key metrics, collectively called software delivery and operational performance metrics: Lead time for changes: How long does it take for a […]

Read more
Red Tape and Federated Users

Background A client recently wanted to move several DevOps and scanning tools into the cloud, to which they were in the process of proving out and transitioning. We had a number of security scanning and static analysis tools, along with corresponding dashboards and a continuous integration server to orchestrate them. All of these tools were […]

Read more
Debunking 4 Myths of DevSecOps Adoption

Every day organizations incorporate DevSecOps into their software development, security, and operations practices to ensure they can build critical security controls into their agile software delivery. According to one survey, 84 percent of respondents said it’s difficult to reduce risk to their applications because they’re not able to monitor, detect, and prevent attacks at the application level. […]

Read more
X