Code Patrol
How to avoid DevSecOps indigestion
You’re jamming security, development and operations into a triple-decker sandwich that, in a perfect world, spreads security practices onto the software development and delivery processes and gets your software out the door more efficiently. What could possibly go wrong? Lots, says Jimmy Xu, leader of Trace3’s DevSecOps practice. But isn’t security like mayonnaise? Just glides right on? Nope, Xu says in our podcast, and you’ll find that out quickly if you’re trying to push responsibilities around without an open mindset and a good operating model. It all starts with communication, he says. You need the right frame of mind to talk to all the people whose lives you’ll be affecting: not just the developers who’ll be doing things outside of their normal routines, but also the security experts who want to offload tasks. It’s an exercise in building trust and empowering all the stakeholders.