Secure DevOps: Fact or Fiction? SANS Survey Finds Enterprises Are Not Fixing Security Vulnerabilities

BETHESDA, Md., Oct. 30, 2018 /PRNewswire/ -- The new SANS survey, Secure DevOps: Fact or Fiction?, finds that fewer than half (46%) of respondents are confronting security risks up front in requirements and service design—and only half of respondents are fixing major vulnerabilities. Survey results will be released in webcasts November 8 and 9.

"Modern business, especially mobile and cloud computing, demands a rapid and agile approach to app development. Yet, security is being left behind, and its requirements are not being addressed early enough in the software design life cycle," said SANS Senior Analyst Barbara Filkins. "And protecting legacy apps is still a diversion," she added.

"While achieving DevOps is still aspirational for most organizations, secure DevOps is even more challenging," said SANS analyst and survey co-author Jim Bird. "What we found in our research is that while DevOps—and AppSec—programs focus on engineering, on finding better tools and on following better practices, the biggest challenges in secure DevOps are organizational, not technical. To succeed, secure DevOps needs every level of management, not just the CISO, to buy in."

The report notes that for secure DevOps, security teams can better collaborate and communicate, protect both legacy and emerging apps and plan resources to deal with evolving platforms.

Full survey results, along with actionable takeaways for security and risk management leaders, will be shared during a two-part webcast sponsored by Aqua Security, CA Veracode, Qualys, Rapid7, Signal Sciences, WhiteHat Security and hosted by SANS.

Register to attend the November 8 webcast at 1 p.m. EST at https://www.sans.org/webcasts/107425 to learn how practitioners are handling evolving DevOps requirements and challenges, and the November 9 webcast at 1 p.m. EST at https://www.sans.org/webcasts/107960 to learn about incorporating security into the software development lifecycle. Those who register will also receive access to the published results paper developed by Jim Bird and Barbara Filkins.

Tweet This:

SANS Secure DevOps Survey | Learn how organizations are integrating security into AppDev | Nov. 8 | https://www.sans.org/webcasts/107425

SANS Secure DevOps Survey | Organizations still fighting legacy and technical debt issues | Nov. 9 | https://www.sans.org/webcasts/107960

Organizations are integrating security into AppDev, but still fighting legacy and technical debt issues | Part 1, https://www.sans.org/webcasts/107425 | Part 2, https://www.sans.org/webcasts/107960

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community. (https://www.sans.org)

SOURCE SANS Institute

Related Links

http://www.sans.org