What is DevSecOps? How is it being implemented in Federal Agencies?
The term DevSecOps describes a security-focused, continuous-delivery software development life cycle (SDLC). DevSecOps builds on the lessons and best practices of general DevOps. Applying DevOps values to software security means that security verification becomes an active, integrated part of the development process. Traditionally, and often unfortunately, security has been treated as a secondary system: InfoSec often engages with development teams only toward the end of the SDLC. Noble as their intentions are, it can be frustrating to discover security vulnerabilities at the end of the SDLC.
DevSecOps elevates traditional security engagement to an active part of the SDLC. General DevOps introduced processes like continuous integration (CI) and continuous delivery (CD), which ensure active testing and verification of code correctness during the agile development process. Similarly, DevSecOps injects active security audits and penetration testing into agile development. DevSecOps advocates that security should be built into the product, rather than applied to a finished product.
Implementation of DevSecOps in Federal Agencies
It’s not quite time to declare the waterfall approach to technology development dead, but without a doubt this longtime and much-maligned approach, which worked a half century ago, is on life support. Meanwhile, the acceptance and understanding of development, security and operations across the federal government is growing, particularly among technology workers. A new Federal News Network survey of federal employees shows how the deep roots of DevSecOps have anchored themselves in the soil of project and program management. A majority of respondents who work in technology said their agency has had at least one successful project using DevSecOps. These respondents also recognized the value of using an approach that promotes continuous integration to speed up new capabilities for citizens and to automate redundant or time-consuming processes.
Check out the complete results of this brand new executive survey.