“The software development lifecycle begins the moment a person has a bright idea about a new application. If the developer trusts that security professionals want to improve its creation, rather than think they just impose roadblocks, bringing the idea to fruition will run much more smoothly…”
“Greg Edwards, CISO for the Federal Emergency Management Agency, said that when the requirements for a new software application are developed, the security requirements should be included.
‘We all know this, but why haven’t we embraced this more fully?’ Edwards said. ‘It’s the trust factor, and it’s the timelines. Sometimes it’s difficult to wedge in security in those milestones … Understanding that security will affect the implementation timeline [means] we have to talk about software development.’…”
“Nicole Willis, CTO for the Office of Inspector General, Department of Health and Human Services, said the increased focus on security represents a big culture shift.
‘We’re implementing security at all levels of projects, from planning [on to release],’ Willis said. ‘We’re embedding security in our DevOps team. It’s important that they have that security mindset in place as they develop the projects.’…”
Source: Successful DevSecOps Starts With Trust, Government Experts Say – By Patience Wait, January 18, 2022. Nextgov.