Red Hat announced new capabilities for Red Hat OpenShift AI.
Addressing Software Exposure Within the DevOps Cycle
August 16, 2018
There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities.
To help organizations better understand the evolving nature of software delivery and the critical role security plays from start to finish, a new report, Managing Software Exposure: Time to Fully Embed Security into Your Application Lifecycle, was released by Checkmarx in coordination with FreeForm Dynamics and The Register. The results identify challenges associated with software exposure and security within the DevOps cycle and how organizations can best overcome them.
Among key findings:
Gaps exist between theory and practice when it comes to security's role in DevOps
96 percent of respondents reported that it is "desirable" or "highly desirable" for developers to be properly trained on how to produce secure code
Although there is no how-to guide when it comes to security today, the study found that a major gap exists between what's needed and what's actually in place among organizations surveyed. In fact, 96 percent of respondents reported that it is "desirable" or "highly desirable" for developers to be properly trained on how to produce secure code. Yet, 41 percent still agree that defining clear ownership and responsibility in relation to software security remains a challenge.
While true that there is an apparent desire for a "shift left" approach, ops teams can't be the only ones responsible for implementing it. Developers must not be overlooked when it comes to security and should actually be the ones pioneering an earlier adoption of security within the development process. Which leads us to the question of, why isn't this already happening if both parties consider it a priority?
According to the study, just 11 percent of respondents say they have adequately addressed the need for developer education in this area. Therefore, it's clear that more can be done from an organizational perspective to encourage a "shift left" approach within DevOps.
Don't alienate the C-Suite from security conversations
Now more than ever, c-level executives need to understand the crucial role security plays within their organizations. It takes just one data breach or hack for a brand's reputation to completely crumble, leaving C-level executives responsible and often times blind-sided.
45 percent of respondents still find it challenging to secure senior management approval for funding and security training
According to the survey, 57 percent of respondents "strongly agree" or "agree" with the statement that software security is now a boardroom issue. It's a matter of business risk. To ensure greater software security, developers and security teams must have the support from their executive teams. The catch? 45 percent of respondents still find it challenging to secure senior management approval for funding and security training. A catch-22 when circling back to the gap that exists between theory and practice as it relates to security's role in DevOps.
Furthermore, 44 percent of those surveyed felt that executives don't actually care about how quickly, frequently and safely developers deliver software, it just needs to be done.
Everyone involved with the DevOps cycle needs to work together
72 percent of respondents agree that different teams and disciplines within IT are still too reluctant to trust and work with one another
Developers, testers, security specialists and ops staff need to work together in order to be successful. It's not news that there has been a culture of inefficiency and miscommunication between developer and operations teams. The report found that even though DevOps culture removes many of the barriers between these two departments, 72 percent of respondents still agree that different teams and disciplines within IT are still too reluctant to trust and work with one another.
The bottomline is that in order to prevent software exposure throughout the development lifecycle, it is essential that we first work to resolve the issue of ownership and responsibility, helping to unite employees of diverse skill levels and experiences igniting a sense of mutual trust and respect.
Industry News
May 25, 2023
Pipedrive announced the launch of Developer Hub, a centralized online app development platform for technology partners and developers.
May 25, 2023
Delinea announced the latest version of Cloud Suite, part of its Server PAM solution, which provides privileged access to and authorization for servers.
May 24, 2023
Red Hat announced Red Hat Service Interconnect, simplifying application connectivity and security across platforms, clusters and clouds.
May 24, 2023
Teleport announced Teleport 13, the latest version of its Teleport Access Platform to enhance security and reduce operational overhead for DevOps teams responsible for securing cloud infrastructure.
May 24, 2023
Kasten by Veeam announced the release of its new Kasten K10 V6.0 Kubernetes data protection platform.
May 23, 2023
Red Hat announced Red Hat Developer Hub, an enterprise-grade, unified and open portal designed to streamline the development process through a supported and opinionated framework.
May 23, 2023
Pegasystems announced Pega GenAI™ – a set of 20 new generative AI-powered boosters to be integrated across Pega Infinity™ ‘23, the latest version of Pega’s product suite built on its low-code platform for AI-powered decisioning and workflow automation.
May 23, 2023
Appdome announced Build-to-Test which enables mobile developers to streamline the testing of cybersecurity features in mobile apps.
May 23, 2023
Garden released major product advancements to make it easier to write and automate portable pipelines for Kubernetes.
May 22, 2023
Check Point Software Technologies announced the general availability of its industry-leading Next-Generation Cloud Firewall natively integrated with Microsoft Azure Virtual WAN to provide customers with top-notch security.
May 22, 2023
The International Business and Quality Management Institute LLC (IBQMI®) introduced the IBQMI CERTIFIED DEVOPS MANAGER® certification program.
May 22, 2023
Mendix, a Siemens business, will unveil Mendix 10, the next major release of the low-code development platform, on June 27, 2023.
May 18, 2023
Opsera announced Patty Hatter as President and Chief Operating Officer (COO).
