Build security into software development

Devops improved software development and deployment. Rugged devops brings together security pros, developers, and operations to deliver better application security faster

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Devops is transforming how developers and operations teams work together to deliver better software faster. At its core, devops is about automation. When several tasks in development, testing, and deployment are automated, developers can make changes to code and deploy to production frequently. Amazon, a leading devops proponent, at one point claimed to have more than 1,000 deployments a day.

But such an accelerated workflow has the potential to bypass secure coding practices, which developers often find difficult to incorporate in the first place. If devops is to continue its momentum, developers need to integrate security testing earlier in the software delivery lifecycle.

That's the idea behind "rugged devops," a crusade to make developers responsible for security testing. Rugged devops inserts more points for security testing to catch potential software issues before it reaches production, but in a such way that continuous integration and application delivery is not interrupted.

“Rugged is about bashing your code prior to production to ensure it holds up to external threats once it gets to production,” says Adrian Lane, CTO of analyst firm Securosis. “Be as mean to your code as attackers will.”

Secure code the devops way

A core goal of devops is to provide the automation and practices necessary to make agile development real -- and shift software development away from behemoth waterfall projects to a continuous delivery pipeline.

To continue reading this article register now

SUBSCRIBE! Get the best of CSO delivered to your email inbox.