Hand the security cookbook to your robot butler: Time to automate

One of the main principles of DevOps is that we break down the silos. Rather than having two individual teams for Development and Operations with conflicting goals, there is one group, all pulling in the same direction. But DevOps is about more than two teams now. Testing should be done throughout, not just plugged in at the end …

  1. Anonymous Coward

    The biggest problems with security (at the code level)

    1) There are hardly ever any security requirements, even if every other aspect does have them;

    2) There is no traceability from security requirements (if they do exist) through to test artifacts;

    3) Artifacts are too often managed manually;

    4) It is common to find that tools such as static analysers are not used.

    But the biggest issue seems to be that IT / IoT are not as willing to use a suitable, controlled development process. Other sectors (e.g. avionics) have been on top of this for years, so it can be done. Sure, the processes they use may be too "heavy" to use in full, but the principles are well established and work.

  2. K

    Devil is in the detail..

    "Kat McIvor is Principal Technologist for DevOps at QA, the sole UK partner for Chef training delivery, "

    So being the sole partner gives you an indicator of how big (or little rather) the Chef and Puppet market really is..

  3. Anonymous Coward

    Are you still talking about DevOps

    This is sooooo April 2016! All cool kids and snake oil peddlers are doing something else now.

  4. Mint Sauce

    I feel like I have been Rickrolled...

    ... or whatever the DevOps equivalent is!

    Came here expecting an interesting or amusing read, then *bam* an article from the Stock, Aitken and Waterman school of writing.

  5. Alistair

    Errrr.

    we've been doing this for years. cfengine has policy settings and tests. gets applied at the end of kickstart. Gets validated twice a day. Reports. output. lists.

    What? you haven't? Silly devops.

  6. energystar

    Security is not an ingredient to be added [along the cooking, or at serving]. It's a mind set.

    In fact, security is about less.

    Hard job, considering the so merchandising mindset of DevOps.

  7. Bibbit

    I love DevOps

    That snake-oil article bot works really well. These articles almost read like people wrote them. What do they pay you, El Reg? :)

  8. quxinot

    So, we have learned amanfrommars's real name!
