Friday, May 22, 2015

Appsec: The gaps between Builders and Defenders

This year's SANS Institute State of Application Security Survey , which I worked on with Eric Johnson and Frank Kim, looks at the gaps ...
Friday, May 8, 2015

DevOps is Killing Maintenance. Let’s Celebrate.

DevOps probably isn't killing developers . But it is changing how people think about development - from running projects to a focus...
2 comments:
Thursday, April 30, 2015

Can DevOps(Sec) make Software more Secure?

There was a lot of talk at RSA this year about DevOps and security: DevOpsSec or DevSecOps or Rugged DevOps or whatever people want to cal...
1 comment:
Wednesday, April 15, 2015

Backdoors, Sabotage or Just Plain Stupidity

Someone on your development team, or a contractor or a consultant, or one of your sys admins, or a bad guy who stole one of these people’s...
2 comments:
Tuesday, April 7, 2015

Towards Compliance as Code

Infrastructure as Code is fundamental to DevOps. Automating the work of setting up and maintaining systems infrastructure. Making it de...
1 comment:
Thursday, March 19, 2015

Making Refactoring Work

A recent academic study raises some questions about how useful and how important refactoring really is. The researchers found that r...
Wednesday, March 4, 2015

Putting Security into Sprints

To build a secure app, you can’t wait to the end and hope to “test security in”. For teams who follow Agile methods like Scrum, this means ...