On Monday, the RSA Conference featured a full-day DevOps Connect Seminar. In order to attend some of the other sessions, I had to pop in and out of the seminar, so I wasn’t able to see the entire agenda. However, the portions I was able to attend seemed a little like déjà vu, as I imagine they would for anyone from Veracode.

One of the main topics in the opening remarks was that DevOps and security are really fighting the same battle. Josh Corman, one of the pioneers of the Rugged DevOps movement, pointed out that these teams should be working together, rather than behaving as adversaries. Yet, many developers and those in development management feel as if their security teams have let them down.

This theme is at the heart of Veracode’s message of “Make Code not War.” For too long, DevOps and security practitioners have acted as if they have opposing interests. But this is not the case; DevOps’ goal is to create processes that produce high-quality software within a pre-set release cycle, while security’s only goal is to ensure this software does not contain any known vulnerabilities.

As some of the presentations pointed out during the seminar, the challenges these two teams face are also the same. Software is no longer built but is actually assembled from components. Josh quoted a stat that 80 percent to 90 percent of a program is from components.

One of the presenters during the seminar suggested that one way to get DevOps to consider security a priority is to talk about security as a quality issue instead of a vulnerability issue. When development teams look at security this way, they are less likely to balk at security protocols in the SDLC.

What I was able to see of the seminar reinforced the idea that DevOps and security need to unite to defeat vulnerabilities and insecure software. Neither of these groups is the enemy; the cybercriminals are, and if these teams can actually work together, they will be more successful. As one presenter explained, there is a gulf growing between the “haves” and “have-nots” in terms of innovation. The gulf creates a self-perpetuating cycle of success, which means more innovation. The companies that are able to find a way to balance innovation and security will be at a distinct competitive advantage over those that do not.

In a completely unplanned coincidence, Veracode will be discussing the need for DevOps and security to become allies throughout the week and beyond. If you’d like to discuss this topic further, you can do so at our RSAC expo booth N3209.


About Jessica Lavery

Jessica is part of the content team at Veracode. In this role she strives to create and promote content that will engage, educate and inspire security professionals around the topic of application security. Jessica’s involvement with the security industry goes back more than a decade at companies like Astaro and Sophos, where she held roles in corporate communication and marketing.

Comments (1)

alan shimel | March 3, 2016 7:12 pm

Jessica, thanks for the write up on our DevOps Connect: Rugged DevOps event. There were over 20 speakers throughout the day and we had over 750 people come in. What was interesting was that they were not only from the security space where Josh, you, I and many of your readers come from, but also from the Dev and Ops space. A true meeting of the tribes and hopefully the minds. This is the 2nd year we have put on a similar event and hope to do again next year. Would love to have some of the Veracode team participate.

Here is a complete list of the speakers and topics from this year's events: http://www.devopsconnect.com/rsa/

Thanks for the write up!
