home.aspx
 
. https://www.nowsecure.com/blog/2019/03/27/how-to-deliver-on-devsecops-while-winning-support-from-the-devops-team/
blog article
HOW TO DELIVER ON DEVSECOPS WHILE WINNING SUPPORT FROM THE DEVOPS TEAM
As an engineering leader for more than 20 years, I’ve experienced the journey from waterfall to agile to DevOps and now DevSecOps with my teams. While much has been written about the DevSecOps movement from the perspective of developer and security professionals, I aim to share insight from a DevOps practitioner point of view. The goal of DevSecOps is to build automated security testing into the development process and catch and correct vulnerabilities early on. This saves time compared to the traditional approach of conducting security testing only after an application is complete, then having to go back and fix any vulnerabilities. The Issue with Open Source. One approach to implementing DevSecOps is to use a collection of open-source tools such as Drozer, Frida, Mitmproxy, and Radare. The problem here is it takes significant experience to glue these tools together and use them effectively. Only larger companies are likely to have the money to invest in deeply skilled security analysts with the experience to pull it off effectively, and to give them the time it takes to do it. READ MORE