STARWEST 2020 Concurrent Session: Hey! You Got Security In My Development!


Thursday, October 8, 2020 - 2:15pm to 3:15pm

Hey! You Got Security In My Development!

The release date is a week away. Development is complete. The code works, and everything looks good. Marketing is ready with the media blitz. Our customers are waiting to get their hands on the new features and are sure to give us good feedback. The only step left is to get the security group to scan the application and give us the approval to release it. Cross your fingers, and let’s hope we get the green light! Otherwise, I don’t know what we are going to do. DevOps, and more importantly, DevSecOps, promises to do away with rolling the dice at the end and hoping we are allowed to release what we built. But how do we get to DevSecOps when we have a separate security sign-off, governance, regulations, and even corporate policies that say security gets the final word? How do we get from a classic security model to a DevOps-friendly process? Join Gene as he discusses practical steps for adding security to your existing development process that you can start using right away, without putting your development process on hold. Attendees will learn tools and types of testing they can introduce to build security in from the beginning, eliminating the late surprises that the security team might find right before release.

Coveros, Inc.

Gene Gotimer is a Principal Consultant at Coveros, Inc., a software company that uses agile methods to help customers build software better, faster, and more securely. They do this by focusing on agile development and DevOps practices such as continuous integration, repeatable builds, unit testing, automated functional testing, analysis tools, security scanning, and automated deploys. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each of them is dependent on the other two, which just makes agile and DevOps that much more crucial to software development.