What's interesting is there is an emphasis on a safe product. This would require a 'DevSafeSecOps' process to be implemented to consider safety properties of a system and safety analysis to be carefully considered as part of an agile process, especially for a safety related product or service.
While this talk places a lot of emphasis on the security to go shift-left in the software development cycle, there's no major mention of protection/security of data within those applications. PII data, for example. What're the best practices to ensure security of something as sensitive as the customer's addresses, phone numbers etc?
I'm a bit confused as to why we should not stop continuous integration on security issues. I thought DevSecOps was about involving everyone in security. Isnt breaking the build the best way to involve devs? If the tools cause too much noise, isn't the problem with the tools? I guess it all depends on the team size. I can see in a 100:10:1 organization, you wouldn't want to stop CI on security checks. But in a 10:2:2 organization, it seems reasonable to fail builds.
Every time she said "DevOps" I heard the "Devils" which are not that far apart really
8 місяців тому
Reaching 30% of the talk and I hear her speaking about quite basic and obvious security things. And now I m reflecting on her special number 100:10:1 sort of complaining that 1 security is not enough and a daunting role to work alone with the other 10 and 100 devs. I find it a little bit pretentious, if not insulting, to assume that only her, as a security role, would only be concerned let alone be able to apply the best practices of security. Isn't it what a good developer should and probably taking into considerations in his/her everyday work?
Just cracked an interview of Devops with just your explanation and keywords. Victoria you are great
Don't ever loose your fantastic sense of humor!
even though it was about security, somehow i didnt fall asleep watching it. very nicely done. thank you!
Just watched the way through, great presentation. Will go back an take more notes soon. This info was very helpful. Thanks again.
lovely chart and movement of tasks around pipeline. thanks for being openminded to share and educate. regards from Singapore!
"How many of you have SUCCESSFULLY implemented DevOps?" @ 3:56. ....hilarious. Good vid.
OMG as a cloud security person this is the story of my life!!
Peace to the god.
What's interesting is there is an emphasis on a safe product. This would require a 'DevSafeSecOps' process to be implemented to consider safety properties of a system and safety analysis to be carefully considered as part of an agile process, especially for a safety related product or service.
very informative
While this talk places a lot of emphasis on the security to go shift-left in the software development cycle, there's no major mention of protection/security of data within those applications. PII data, for example. What're the best practices to ensure security of something as sensitive as the customer's addresses, phone numbers etc?
I'm a bit confused as to why we should not stop continuous integration on security issues. I thought DevSecOps was about involving everyone in security. Isnt breaking the build the best way to involve devs? If the tools cause too much noise, isn't the problem with the tools?
I guess it all depends on the team size.
I can see in a 100:10:1 organization, you wouldn't want to stop CI on security checks.
But in a 10:2:2 organization, it seems reasonable to fail builds.
Every time she said "DevOps" I heard the "Devils" which are not that far apart really
Reaching 30% of the talk and I hear her speaking about quite basic and obvious security things. And now I m reflecting on her special number 100:10:1 sort of complaining that 1 security is not enough and a daunting role to work alone with the other 10 and 100 devs. I find it a little bit pretentious, if not insulting, to assume that only her, as a security role, would only be concerned let alone be able to apply the best practices of security. Isn't it what a good developer should and probably taking into considerations in his/her everyday work?