Global Security Forum

  • 1.  Security in DevOps-> DevSecOps

    Posted Thu May 28, 2020 12:43 PM
    I would like to know if there is a specific security strategy to incorporate security revisions in the DevOps process to ensure that the code that is developed incorporates, in an agile way, the security measures that ensure its quality.

    Best regards

    Alfonso Abad M.  |  Director General

    MindCraft Mexico, S. de R.L. de C.V.

    Av Santa Fe 462-B Lomas de Santa Fe

    Cuajimalpa de Morelos, CDMX, C.P. 05348

    Tel: 55 4747-3055

    Cel: 55 4143-1652

     

    www.mindcraftmexico.com | alfonso.abad@mindcraftmexico.com 







  • 2.  RE: Security in DevOps-> DevSecOps

    Posted Fri May 29, 2020 08:59 AM
    Edited by Sander Veer Fri May 29, 2020 12:49 PM
    Hi Alfonso,

    This is the public information:
    https://www.ibm.com/security/secure-engineering/index.html


  • 3.  RE: Security in DevOps-> DevSecOps

    Posted Fri May 29, 2020 05:36 PM
    Hi Alfonso,

    I've seen companies doing it in different ways, depending on their security program maturity level. At a high level, you define your security posture, the risks you want to take translated into security policies; this is the number and severity of flaws and vulnerabilities that you are willing to take. Based on that, you can send back to the development team the list of flaws and vulnerabilities that have to be fixed.
    Automating the process is the best way to go: make not only testing but also SAST, SCA and IAST security scans part of your CI pipelines.

    Regards,

    ------------------------------
    Javier Perez
    ------------------------------
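
The policy gate described in the reply above, as an added example that is not part of the original thread or of any vendor's tooling: it counts scan findings per severity, compares them with the accepted limits, fails the build on a breach and lists what goes back to the developers. The thresholds, the normalized finding format and the sample findings are assumptions constructed for illustration.

```python
import json
import sys

# Assumed policy: maximum number of open findings tolerated per severity.
POLICY = {"critical": 0, "high": 0, "medium": 2, "low": 10}
RANK = {sev: i for i, sev in enumerate(POLICY)}  # critical sorts first

# Constructed sample: findings already normalized from SAST, SCA and IAST reports.
SAMPLE_FINDINGS = [
    {"tool": "sast", "id": "sql-injection", "severity": "High", "location": "app/db.py:42"},
    {"tool": "sast", "id": "sql-injection", "severity": "High", "location": "app/db.py:42"},
    {"tool": "sca", "id": "outdated-dependency", "severity": "medium", "location": "requirements.txt"},
    {"tool": "iast", "id": "missing-csrf-token", "severity": "medium", "location": "POST /transfer"},
    {"tool": "sast", "id": "debug-logging", "severity": "low", "location": "app/util.py:7"},
    {"tool": "sca", "id": "unrated-advisory", "severity": "unknown", "location": "package.json"},
]

def normalize(severity):
    """Map a scanner severity onto the policy scale; unknown values fail closed."""
    sev = str(severity).strip().lower()
    return sev if sev in POLICY else "critical"

def evaluate(findings):
    """Return (passed, counts, must_fix) for a list of normalized findings."""
    unique = {}
    for f in findings:  # the same flaw reported twice counts once
        unique.setdefault((f["tool"], f["id"], f["location"]), f)
    counts = {sev: 0 for sev in POLICY}
    for f in unique.values():
        counts[normalize(f["severity"])] += 1
    breached = {sev for sev in POLICY if counts[sev] > POLICY[sev]}
    must_fix = sorted(
        (f for f in unique.values() if normalize(f["severity"]) in breached),
        key=lambda f: (RANK[normalize(f["severity"])], f["location"]),
    )
    return not breached, counts, must_fix

if __name__ == "__main__":
    findings = SAMPLE_FINDINGS
    if len(sys.argv) > 1:  # in CI: path to the merged findings JSON
        with open(sys.argv[1]) as fh:
            findings = json.load(fh)
    passed, counts, must_fix = evaluate(findings)
    print("open findings:", counts)
    for f in must_fix:
        print(f"FIX [{normalize(f['severity'])}] {f['tool']} {f['id']} at {f['location']}")
    sys.exit(0 if passed else 1)  # non-zero exit fails the pipeline stage
```

Run as a pipeline step after the scanners have written their merged findings file; the printed FIX lines are the list returned to the development team.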



  • 4.  RE: Security in DevOps-> DevSecOps

    Posted Mon February 05, 2024 01:33 PM

    Possibly, seeking the assistance of experts in DevSecOps could be a step in solving this problem https://tech-stack.com/services/devops



    ------------------------------
    Ronald Higgins
    ------------------------------