Listening to @djschleen of CVS Health discuss Automating Security in DevOps (DevSecOps) at #RMISC #RMISC2019
If you're not doing Value Stream Mapping (en.wikipedia.org/wiki/Value-str…) for your software, but you're doing DevOps or other lean software dev, start. – @djschleen at #RMISC #RMISC2019
Tools need to be replaceable in your workflow; don't lock yourself into specific vendors' tools without a path to replace those functions easily – @djschleen at #RMISC #RMISC2019
OpenSource Security Management (really, 3rd-party component security management) is essential to get a handle on. You need to know the risks of components you're including in your software – @djschleen at #RMISC #RMISC2019
Container Vulnerability Analysis; there are great reasons to use containers, but you need to know if your containers have outdated, vulnerable components – @djschleen at #RMISC #RMISC2019
Big bold letters: DON'T PIN VERSIONS – @djschleen at #RMISC #RMISC2019
It's important to respond to the tools, languages, frameworks, etc. that your developers are actually using – @djschleen at #RMISC #RMISC2019
Use SAST sensibly -- big/complex apps can take a while to scan in entirety, and that can break DevOps processes. This is easier to deal with on greenfield apps – @djschleen at #RMISC #RMISC2019
Your devs need access to security people/resources that have technical dev knowledge. They can't fix e.g. SQLi if someone can't explain how it works and how to avoid it – @djschleen at #RMISC #RMISC2019
Companies like Google have thousands of devs committing straight to master through use of testing, feature flags, keeping commits small, and other disciplines. If something breaks, it's swarmed to fix, supported by automated tools – @djschleen at #RMISC #RMISC2019
Understand the Three Ways from Lean/DevOps — Flow, Feedback, and Experimentation – @djschleen at #RMISC #RMISC2019
Beware of having conversations that trip on Conway's Law (en.wikipedia.org/wiki/Conway%27…), and let devs be experts at development – @djschleen at #RMISC #RMISC2019
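The thread's points on third-party component risk (knowing what is in your software and in your containers) and on hard version pins can be turned into a small, automatable check. The script below is an added example written for this page; it is not code from the speaker, the tweeter, or any product named in the thread. It parses a constructed requirements-style manifest, flags components pinned with `==`, and looks each component up in a constructed advisory table. Every package name, version, and advisory identifier in it is invented for illustration.

```python
# Added example, not from the talk: a minimal third-party component check over
# a constructed requirements-style manifest. It (1) flags hard pins (==) that
# would keep a release from being updated, and (2) looks each component up in a
# small constructed advisory table and reports when the manifest can resolve to
# an affected version. All names, versions and advisory IDs are invented.
import re
from dataclasses import dataclass

# Constructed manifest in Python requirements syntax (sample input, not real).
MANIFEST = """\
# application dependencies (constructed sample)
requests==2.19.0
flask>=1.0,<2.0
pyyaml==3.12
cryptography>=2.3
"""

# Constructed advisory table: package -> (first fixed version, note).
# Any version below the fixed version is treated as affected.
ADVISORIES = {
    "requests": ("2.20.0", "HYPOTHETICAL-001: credential leak on redirect"),
    "pyyaml": ("5.1", "HYPOTHETICAL-002: unsafe load by default"),
}

NAME_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*(.*)$")
SPEC_RE = re.compile(r"^(==|>=|<=|!=|~=|>|<)\s*([0-9][0-9A-Za-z.]*)$")


@dataclass
class Requirement:
    name: str
    specs: list  # list of (operator, version) pairs, e.g. [(">=", "1.0"), ("<", "2.0")]


def _vtuple(v):
    """Numeric dotted prefix of a version as a list of ints ("2.19.0" -> [2, 19, 0])."""
    parts = []
    for p in v.split("."):
        if not p.isdigit():
            break  # stop at pre-release/build suffixes; good enough for this check
        parts.append(int(p))
    return parts


def version_lt(a, b):
    """True if version a sorts before b, padding so "2.20" == "2.20.0"."""
    ta, tb = _vtuple(a), _vtuple(b)
    n = max(len(ta), len(tb))
    ta += [0] * (n - len(ta))
    tb += [0] * (n - len(tb))
    return ta < tb


def parse_manifest(text):
    """Parse requirements-style lines into Requirement objects; comments are dropped."""
    reqs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = NAME_RE.match(line)
        name, rest = m.group(1).lower(), m.group(2)
        specs = []
        for part in rest.split(","):
            part = part.strip()
            if not part:
                continue
            sm = SPEC_RE.match(part)
            if not sm:
                raise ValueError(f"unsupported specifier {part!r} for {name}")
            specs.append((sm.group(1), sm.group(2)))
        reqs.append(Requirement(name, specs))
    return reqs


def is_pinned(req):
    return any(op == "==" for op, _ in req.specs)


def lowest_allowed(req):
    """Lowest version the specifier admits (a resolver may pick it); None if unbounded."""
    for op, v in req.specs:
        if op in ("==", ">=", "~="):
            return v
    return None


def check(manifest_text, advisories=ADVISORIES):
    """Return (component, kind, detail) findings; kind is 'pinned' or 'vulnerable'."""
    findings = []
    for req in parse_manifest(manifest_text):
        if is_pinned(req):
            findings.append((req.name, "pinned", f"hard pin {req.specs} blocks updates"))
        if req.name in advisories:
            fixed, note = advisories[req.name]
            low = lowest_allowed(req)
            # If the lower bound is below the fix (or there is none), the range admits an affected version.
            if low is None or version_lt(low, fixed):
                findings.append((req.name, "vulnerable",
                                 f"{note}; fixed in {fixed}, manifest allows {low or 'any version'}"))
    return findings


if __name__ == "__main__":
    for name, kind, detail in check(MANIFEST):
        print(f"{kind:10} {name:14} {detail}")
```

The same shape of check applies to a container image: replace the manifest parser with the package list pulled from the image (for example `dpkg -l` output) and the advisory table with a real feed, and the pin check becomes a check for base images pinned to a stale tag.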
Thread by Darren, his eyes uncovered