A perfect storm of factors brewing in the dev, ops, and security worlds has created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble.
Given how many security practitioners spend their days putting out fires, adding "DevSecOps evangelist" to their job description is more likely to elicit groans than spur the desire to innovate in application security. As understandable as that may be, unless security teams can create the groundswell needed for DevSecOps to stick, another paradigm shift in computing will occur in which security gets left behind.
Paradigm shift? Gag me with a buzzword spoon
As annoying a buzzword as "paradigm shift" is, it is an accurate description of what's been happening in the application development world as it moves from a waterfall to an agile development model. Given how rarely radical process reengineering occurs in enterprise environments, it should come as no surprise that its ripple effect has been massive. It's also worth noting that, as fast as this shift might feel, given that The Manifesto for Agile Software Development was first published in 2001, it's been more than 15 years in the making but hit a tipping point when...