Developers and
Application Security:
Who is Responsible?
SURVEY RESULTS, November 2014
Mark Miller, Senior Storyteller
Survey Sponsors
41%
Q5 - In what industry does your business operate?
20%
17%
10%
6%
Technology / ISV
Consulting / SI
Financial Services &
Insurance
Media / Entertain
Public Sector
Telecommunications
Consumer Goods / Retail
Other
14%
10%
6%
Operations
25%
Security
16%
Other
3%
DevOps
30%
Development
26%
Q1 – What is your role within your current
organization?
Senior
Management
8%
Executive
Management
6%
Practitioner
46%
Manager
40%
Q3 – What is your responsibility level?
13%
Q9 - Percentage of open source software?
40%
14%
15%
15%
0% open source
20% open source
40% open source
60% open source
80% open source
100% open source 5%
67% >5000 employees
50% in FSI
41% in Consulting
31% in Government
27% in Tech
44% for Java developers
What people estimate they are doing
What app scans reveal
40%
57%
Q10 - For custom development, what languages are used?
31%
30%
25%
21%
Java
PHP
.NET
Ruby
C/C++
83% with > 5000 employees
FSI: 82.5%
Banking/Finance: 88%
Government: 74%
Q11 - Who is the primary driver behind
AppSec initiatives?
40% say dev
(Q14) 76% say dev spends less than 15% time
on AppSec
(Q15) 42% say dev knows it's important but
does not have time to spend on it
40%
Q11 - Who primarily drives AppSec initiatives?
(filtered for developers only) 67% devs think they are the primary driver;
(Q15) 26% say security is not their focus,
40% say they have no time to spend on it;
(Q17) 74% state we have no policies or
policies are not effectively enforced
Observations:
84% w/ >5000 employees think it’s
compliance / risk management
67%
Q12 – Your role in AppSec? (1=not at all, 10 = highest priority)
w/ >5000 employees,
75% rank security 8+ priority
(Q17 – 58% of >5000 employees feel
there is no clear security policy or that
policy is not effectively enforced; 18% we
don’t have clear policies)
81% state adherence to internal security
policies is a top concern
Conclusion: strong personal sense of
responsibility, but little to no policies to
enforce security standards; people make
up their own standards
w/ 101 – 1000 employees,
76% rank security 8+ priority
Q17 – 67% employees feel there is no clear
security policy or that policy is not effectively
enforced.
Q13 - 74% state adherence to internal security
policies is a top concern
Conclusion:
“App Sec is important to me but we lack corporate
policies so I’ll determine my own.”
Q13 - Are any of these security concerns?
65.03%
#2 overall issue but only 31% test it
#1 issue for government
Q14 - How much time do developers spend on
security?
Q15 - Interest of in-house developers in regard to
AppSec
41% in FSI know it's important but don’t spend time
42% in tech
Q16 - When does App Dev spend time with security
group?
Observations:
23% say security checks happen, but (Q17) Only 12% have automated
End of development cycle - 62% in government (#1 answer), 47% in financial services
Historically, ‘end of development cycle’ is the most expensive option
Q17 - Describe your current app security policies
(Overall)
Observations:
67.05% do not have clear, well defined, enforced policies
12.5% have well defined, automated policies
Q17 - Describe your current app security policies
(filtered for government)
59% policies not enforced compared to:
40% in FSI
28% in Tech
24% don’t have policies in place compared to:
20% in FSI
30% in Tech
Automated late in Development: 18%
Automated across SW lifecycle: 12%
Q17 - Describe your current app security policies
(Developers only)
42% Do not have clear policies
Observations:
“I am responsible, but I have:
• No tools
• No policy
• No time
9% Automation across lifecycle
7% Automation late in development cycle
Q20 - If doing CI, how often is code compiled?
Observations:
If there is continuous integration, the percentage of
automated testing increases
40% automate security testing here.
Q23 - Where is security testing automated?
Lower Cost
Highest Cost
High Cost
Lower Cost
Q18 - What are you testing?
Observations:
80%+ of app composition is open source
30% of companies test open source
• 37% tech
• 20% in FSI
• 29% in government
Summary
Get the deck right now, within seconds
Community@Sonatype.com
 
Building Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh RaghavanBuilding Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh Raghavan
 
Breaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John WillisBreaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John Willis
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
 
NuGet Package Management Done Right
NuGet Package Management Done RightNuGet Package Management Done Right
NuGet Package Management Done Right
 
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and DockerHero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSoftware Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
 
Heroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps TransformationsHeroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps Transformations
 
Rugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for SuccessRugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for Success
 
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply ChainCreate Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply Chain
 

Recently uploaded

Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
Globus
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
Vlad Stirbu
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 

Recently uploaded (20)

Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 

Lisa Conference 2014: DevOps and AppSec - Who is Responsible

  • 1. Developers and Application Security: Who is Responsible? SURVEY RESULTS, November 2014 Mark Miller, Senior Storyteller
  • 4. 41% Q5 - In what industry does your business operate? 20% 17% 10% 6% Technology / ISV Consulting / SI Financial Services & Insurance Media / Entertain Public Sector Telecommunications Consumer Goods / Retail Other 14% 10% 6%
  • 7. 13% Q9 - Percentage of open source software? 40% 14% 15% 15% 0% open source 20% open source 40% open source 60% open source 80% open source 100% open source 5% 67% >5000 employees 50% in FSI 41% in Consulting 31% in Government 27% in Tech 44% for Java developers What people estimate they are doing
  • 8. 13% Q9 - Percentage of open source software? 14% 15% 15% 0% open source 20% open source 40% open source 60% open source 80% open source 100% open source 5% 67% >5000 employees 50% in FSI 41% in Consulting 31% in Govt 27% in Tech 44% for Java developers What people estimate they are doing What app scans reveal 40%
  • 9. 57% Q10 - For custom development, what languages are used? 31% 30% 25% 21% Java PHP .NET Ruby C/C++ 83% with > 5000 employees FSI: 82.5% Banking/Finance: 88% Government: 74%
  • 10. Q11 - Who is the primary driver behind AppSec initiatives? 40% say dev (Q14) 76% say dev spends less than 15% time on AppSec (Q15) 42% say dev knows it's important but does not have time to spend on it 40%
  • 11. Q11 - Who primarily drives AppSec initiatives? (filtered for developers only) 67% devs think they are the primary driver; (Q15) 26% say security is not their focus, 40% say they have no time to spend on it; (Q17) 74% state we have no policies or policies are not effectively enforced Observations: 84% w/ >5000 employees think it’s compliance / risk management 67%
  • 12. Q12 – Your role in AppSec? (1 = not at all, 10 = highest priority) w/ >5000 employees, 75% rank security 8+ priority (Q17 – 58% of >5000 employees feel there is no clear security policy or that policy is not effectively enforced; 18% we don’t have clear policies) 81% state adherence to internal security policies is a top concern Conclusion: strong personal sense of responsibility, but little to no policies to enforce security standards; people make up their own standards w/ 101 – 1000 employees, 76% rank security 8+ priority Q17 – 67% employees feel there is no clear security policy or that policy is not effectively enforced. Q13 - 74% state adherence to internal security policies is a top concern Conclusion: “App Sec is important to me but we lack corporate policies so I’ll determine my own.”
  • 13. Q13 - Are any of these security concerns? 65.03% #2 overall issue but only 31% test it #1 issue for government
  • 14. Q14 - How much time do developers spend on security?
  • 15. Q15 - Interest of in-house developers in regard to AppSec 41% in FSI know it's important but don’t spend time 42% in tech
  • 16. Q16 - When does App Dev spend time with security group? Observations: 23% say security checks happen, but (Q17) Only 12% have automated End of development cycle - 62% in government (#1 answer), 47% in financial services Historically, ‘end of development cycle’ is the most expensive option
  • 17. Q17 - Describe your current app security policies (Overall) Observations: 67.05% do not have clear, well defined, enforced policies 12.5% have well defined, automated policies
  • 18. Q17 - Describe your current app security policies (filtered for government) 59% policies not enforced compared to: 40% in FSI 28% in Tech 24% don’t have policies in place compared to: 20% in FSI 30% in Tech Automated late in Development 18% Automated across SW lifecycle 12%
  • 19. Q17 - Describe your current app security policies (Developers only) 42% Do not have clear policies Observations: “I am responsible, but I have: • No tools • No policy • No time” 9% Automation across lifecycle 7% Automation late in development cycle
  • 20. Q20 - If doing CI, how often is code compiled? Observations: If there is continuous integration, the percentage of automated testing increases 40% automate security testing here.
  • 21. Q23 - Where is security testing automated? Lower Cost Highest Cost High Cost Lower Cost
  • 22. Q18 - What are you testing? Observations: 80%+ of app composition is open source 30% of companies test open source • 37% tech • 20% in FSI • 29% in government
  • 24. Get the deck right now, within seconds Community@Sonatype.com
  • 26. Developers and Application Security: Who is Responsible? SURVEY RESULTS, November 2014 Mark Miller, Senior Storyteller

Editor's Notes

  1. Mark Miller, Senior Storyteller The NEXUS Community Project http://www.sonatype.org/nexus/
  2. Mark Miller, Senior Storyteller The NEXUS Community Project http://www.sonatype.org/nexus/