Developing a secure application is no different than delivering a high-quality application as long as security is addressed throughout the software development lifecycle.
It seems easy to say, "Let's assess security at every phase of the development lifecycle." But, in reality, it is very difficult to integrate traditional security practices into the software development lifecycle for DevOps because there is no time for manual security testing, secure code reviews, dependency assessments, and audits. Also, there is no opportunity to put in control gates and perform extensive security reviews because the reviews take longer than the commit and deploy cycles.
from DZone.com Feed https://ift.tt/2Q47n95