User:Kermit2/DevSecOps
From Wikipedia, the free encyclopedia
DevSecOps, a clipped compound of DevOps and security, is a software development methodology that aims to integrate computer security into every stage of the software development life cycle, from design through development, testing, production, and ongoing operations.[1] The goal of DevSecOps is to create an environment where building, testing, and deploying software can occur rapidly, frequently, and securely.[2][3]
Background
DevSecOps refers to the discipline and practice of safeguarding the entire DevOps environment through strategies, policies, processes, and technology.[4] Reducing technical debt with early security involvement is a key DevSecOps imperative.[5][6]
A growing consensus acknowledges that perfect attack prevention is impossible.[7][8] To prepare for an eventual breach or insider threat, DevSecOps practices rely on rapid detection and response as the primary tools for feedback and improvement.[9] Solutions for rapid threat detection and incident investigation increasingly focus on behavioral anomalies (instead of attempting to identify and prevent known attacks), and are available for endpoints[10] as well as cloud implementations.[11]