DevOps East 2017 Concurrent Session : DevSecOps Manifesto and Process Model for Secure Applications


Thursday, November 9, 2017 - 10:00am to 11:00am

DevSecOps Manifesto and Process Model for Secure Applications

Add to calendar

The bad guys don't break in through the highly secure bank vault door; they attack the crumbly bricks and mortar of the vault walls. The same is true for application security. The vast majority of incidents don't target security features like encryption, authentication, and authorization. Rather, the target is vulnerabilities in the boring, non-secure parts of the code. In many organizations, the security function is still largely thrown-over-the-wall, but things are changing. Larry Maccherone believes we cannot prevent the vast majority of incidents with a bolt-on approach to security. We must build security in by developing applications that are free of such vulnerabilities. Just as DevOps is a cultural transformation, we need a mindset shift and cultural change to build security in. We need DevSecOps. Larry introduces a DevSecOps manifesto and a process model for achieving a build security in culture. Although designed to sit on top of any SDLC, the framework is particularly well suited to lean/agile environments, and even better suited to a DevOps environment or in conjunction with an ongoing DevOps transformation.

Larry Maccherone
Independent Consultant

An industry-recognized thought leader on lean/agile, analytics, and DevSecOps, Larry Maccherone currently serves as Principal for his namesake consulting firm where he has worked with clients like Comcast, IBM, Adobe, Oracle, USAA, and Intuit. Previously at Rally Software, Larry led the insights product line which enabled better decisions with data, leveraged big data techniques to conduct groundbreaking research, and offered the first-ever agile performance benchmarking capability. Before Rally, Larry worked at Carnegie Mellon with the Software Engineering Institute and CyLab for seven years conducting research on cybersecurity and software engineering. Contact Larry at LinkedIn.