Suresh Chandra Bose Ganesh Bose – Cognizant
More than 85% of the applications on public app stores such as the Apple App Store and Google Play violate one or more of the OWASP Top 10 risks and vulnerabilities. This clearly shows the current state of application insecurity, which makes DevSecOps even more important today and calls for a transformational shift to improve application security (AppSec).
By integrating application security principles and practices into software development and operations, teams can deliver with more agility without compromising application security.
The paper articulates how to apply Gartner’s DevSecOps best practices across the different pillars of the Continuous Delivery pipeline. Threat Modeling as a Service (TMaaS) is carried out to discover vulnerabilities and plug gaps in security controls: threats are identified and the necessary protection is built into your DevSecOps workflows. With 60%-80% of a typical application today consisting of open-source code, the primary focus is on identifying and removing known open-source vulnerabilities.
The effectiveness of the outcomes was measured by tracking 6 key metrics that validate whether DevSecOps has been implemented successfully. When done right, DevSecOps goes well beyond “shifting security left” to “shifting security everywhere”, ensuring the application is secure in development, delivery, and production. Integrating security into the DevOps pipeline yields faster delivery together with an improved security posture, enabling greater overall business success.