It’s generally accepted that DevOps is an effective means of delivering higher-quality software products at a faster rate than more traditional software development and IT infrastructure management approaches.
For some organisations, however, it can be difficult to see a clear, pain-free path out of an environment characterised by waterfall lifecycles and on-premise infrastructure which once served them well, but which has now become an encumbrance and an impediment to progress.
Read more “Shifting Left On A Shoestring: Azure DevSecOps Pipelines”
For developers working with systems exposed to the internet, it’s difficult to avoid the influence that information security has on day-to-day work. Perhaps a recent penetration test by a third party has highlighted vulnerabilities that need addressing, or maybe the system has already suffered a security breach. There might be a requirement to demonstrate that the system is compliant with a particular security standard. It’s also possible that the development team belongs to an enlightened organisation that understands why its software products need to be secure, and has measures in place within its development process to prevent and detect security vulnerabilities.
Conversely, if a system is designed to sit in apparent safety behind a firewall, or on a separate internal network segment, or has no direct access to sensitive data, it’s not straightforward from a developer’s point of view to see how – or why – a system might be attacked.
Read more “Software Vulnerabilities and Business Risk”