Hi Alfonso,
I've seen companies doing it in different ways, depending on their security program maturity level. At a high level, you define your security posture: the risks you want to take, translated into security policies. This is the number and severity of flaws and vulnerabilities that you are willing to take. Based on that, you can send back to the development team the list of flaws and vulnerabilities that have to be fixed.
Automating the process is the best way to go: make not only testing but also SAST, SCA and IAST security scans part of your CI pipelines.
Regards,
------------------------------
Javier Perez
------------------------------
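The reply above describes a policy gate: the organization states how many findings of each severity it is willing to carry, CI runs the scanners, and everything over budget goes back to the developers. The script below is an added example of that gate and is not code from the thread or from any particular scanner. It assumes a simplified JSON finding format (real SAST/SCA/IAST tools emit formats such as SARIF, so the loader would be adapted per tool), an illustrative policy table, and constructed sample scan output.

```python
"""Policy gate for CI security scan results (added example, not from the thread).

Assumed input shape for every scanner (SAST, SCA, IAST):
    [{"tool": ..., "rule": ..., "severity": ..., "location": ...}, ...]
"""
import json
import sys
from collections import Counter

# Ordering used to report the worst findings first.
SEVERITY_ORDER = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}

# Security policy: maximum number of open findings tolerated per severity.
# Illustrative numbers only; a real policy comes from the org's risk appetite.
DEFAULT_POLICY = {"critical": 0, "high": 0, "medium": 5, "low": 20}

# Constructed sample output from three hypothetical scanners in one pipeline run.
SAMPLE_SCAN_OUTPUT = json.dumps([
    {"tool": "sast", "rule": "sql-injection", "severity": "high",
     "location": "app/db.py:42"},
    {"tool": "sast", "rule": "hardcoded-secret", "severity": "medium",
     "location": "app/config.py:7"},
    {"tool": "sca", "rule": "vulnerable-dependency", "severity": "critical",
     "location": "requirements.txt:example-lib==1.0.0"},
    {"tool": "iast", "rule": "reflected-xss", "severity": "medium",
     "location": "/search?q="},
    {"tool": "sast", "rule": "debug-enabled", "severity": "low",
     "location": "app/settings.py:3"},
])


def load_findings(raw_json):
    """Parse scanner output and normalise severities; reject unknown levels."""
    findings = json.loads(raw_json)
    for f in findings:
        f["severity"] = f["severity"].lower()
        if f["severity"] not in SEVERITY_ORDER:
            raise ValueError(f"unknown severity {f['severity']!r} in {f}")
    return findings


def evaluate_policy(findings, policy=DEFAULT_POLICY):
    """Return (counts per severity, severities whose budget is exceeded)."""
    counts = Counter(f["severity"] for f in findings)
    violations = {sev: counts[sev] for sev, limit in policy.items()
                  if counts[sev] > limit}
    return counts, violations


def findings_to_fix(findings, policy=DEFAULT_POLICY):
    """Findings the dev team must fix before the build may pass.

    Every finding at a severity that is over budget is returned, worst first.
    Findings at severities still within budget are reported but not blocking.
    """
    _, violations = evaluate_policy(findings, policy)
    blocking = [f for f in findings if f["severity"] in violations]
    return sorted(blocking, key=lambda f: -SEVERITY_ORDER[f["severity"]])


def gate(raw_json, policy=DEFAULT_POLICY):
    """Evaluate one scan run. Returns (exit_code, report_lines, to_fix).

    exit_code 1 fails the CI stage; 0 lets the pipeline continue.
    """
    findings = load_findings(raw_json)
    counts, violations = evaluate_policy(findings, policy)
    to_fix = findings_to_fix(findings, policy)
    report = [f"{sev}: {counts[sev]} found, limit {policy.get(sev, 'none')}"
              for sev in SEVERITY_ORDER if counts[sev]]
    for f in to_fix:
        report.append(f"FIX [{f['severity']}] {f['tool']}/{f['rule']} at {f['location']}")
    return (1 if violations else 0), report, to_fix


if __name__ == "__main__":
    code, lines, _ = gate(SAMPLE_SCAN_OUTPUT)
    print("\n".join(lines))
    sys.exit(code)
```

In a pipeline the script runs after the scan jobs, with the gate's exit code failing the stage; tuning `DEFAULT_POLICY` is how the security posture from the reply is expressed as a concrete, enforceable rule rather than a document.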
Original Message:
Sent: Thu May 28, 2020 12:42 PM
From: Alfonso Abad
Subject: Security in DevOps-> DevSecOps
I would like to know if there is a specific security strategy to incorporate security revisions in the DevOps process, to ensure that the code that is developed incorporates, in an agile way, the security measures that ensure its quality.
Best regards
Alfonso Abad M. | Director General
MindCraft Mexico, S. de R.L. de C.V.
Av Santa Fe 462-B Lomas de Santa Fe
Cuajimalpa de Morelos, CDMX, C.P. 05348
Tel: 55 4747-3055
Cel: 55 4143-1652
www.mindcraftmexico.com | alfonso.abad@mindcraftmexico.com