Page 72 - CDM-CYBER-DEFENSE-eMAGAZINE-December-2018

Figure 2: Example of a DevSecOps CI/CD Pipeline


When providing on-demand security capabilities, our services must be stable, accurate, and capable of meeting the demand. We only get one opportunity to get it right; if our services are not reliable, developers will lose confidence in our systems and in us. This will adversely impact our ability to influence software delivery practices.

We can use a variety of tools and techniques to help development teams incorporate security into their processes, including:

- Being present and practicing active listening
- Conducting threat modeling sessions and secure design reviews
- Helping developers create attacker user stories
- Providing development teams with secure libraries, SDKs, and scripts
- Establishing on-demand vulnerability and code quality scanning capabilities
- Automating penetration testing as much as possible
- Running bug bounties
- Automating compliance (compliance as code)

In summary, security is everyone's responsibility. DevSecOps principles and processes give us the highest opportunity to enable developers to deliver secure software and services to our customers.
