Session: So Happy Together: Making the Promise of DevSecOps a Reality

It may be hard to believe, but it’s been over a decade since DevOps was introduced. It wasn’t long after that the concept of DevSecOps began to emerge as security practitioners attempted to keep application security practices engaged in software delivery. However, recent studies show that even in organizations that have adopted a DevSecOps model, security is still often viewed as a bottleneck. This can undermine the promise of DevSecOps to deliver a culture of shared responsibility for security.

Hacker, former developer, and application security advocate Alyssa Miller dives into the key issues that keep security shut out of the DevOps Pipeline. She’ll provide insights from her recent research into the state of DevSecOps and Open Source Security and share evidence that indicates organizations are still failing to mature their processes and achieve the ideal shared responsibility culture.

Through her analysis, Alyssa identifies tangible, practical actions that security practitioners can take to successfully enable security practices within the pipeline. Alyssa will demonstrate what steps can be taken to create accountability between Development, Security, and Operations disciplines. Finally, Alyssa delivers a forward-looking viewpoint for what lies beyond DevSecOps, and how this culture can be extended to include the broader business.