DevOps practices such as continuous integration, automated testing, continuous delivery and continuous deployment are increasingly helping federal agencies speed up software delivery. Agile development methodology is common in the federal government now, and DevOps is accelerating the pace even more.
However, progress often halts abruptly when security comes into play. Security frequently lags behind the digital transformation curve, subjecting the output of Agile and DevOps to old-school policies and manual processes.
SecDevOps promises to break through the impasse, building security into the development process at the start. In the SecDevOps model, a culture focused on secure coding standards and security testing at the point of build integration identifies security vulnerabilities during the development process rather than at the end of it. Over time, development teams become more proficient in security. They create fewer security vulnerabilities and identify risks quickly. The result: improved security while maintaining a consistent velocity.