Articles

Padlock on a fence 4 Keys to Protecting Your Data in a DevOps World

It may seem like the desires for end-to-end DevOps and protection of sensitive data are in conflict, but if done correctly, they can be two sides of the same coin. DevOps processes such as version control and delivery automation introduce the very measures needed to properly protect production data. The key to keeping data safe while using it during your DevOps process is to focus on these four areas.

Tom Austin
Image of lock over code DevSecOps: Incorporate Security into DevOps to Reduce Software Risk

DevSecOps is a growing movement to incorporate security into DevOps practices in order to ensure flaws and weaknesses are exposed early on through monitoring, assessment, and analysis, so remediation can be implemented far earlier than traditional efforts. By failing fast with security testing, organizations reduce risk of a security incident and decrease the cost of rework.

Alan Crouch
left arrow Shift Left: Now for Open Source and Security Compliance

Shifting left has been focused on testing proprietary code earlier. But at what point in the lifecycle are you checking your open source compliance and ensuring you do not have security vulnerabilities? If you shift this process left and perform it earlier in your software development lifecycle, just like with testing, you can see the same benefits of saving time, money, and headaches.

Rami Sass
Question mark cursor Critical Questions to Ask When Choosing a Third-Party API

This article exposes the risks and hidden costs involved in the seemingly innocent decision of which third-party APIs to use to gather and report data, offload critical functionality, and save implementation time. It addresses some typical reasons the decision-making process over third-party use is overlooked, as well as how to make good choices confidently and consistently.

Paul Bruce

Better Software Magazine Articles

cyber thief What if Someone Steals Your Code?

Bob Zeidman, an expert in software forensics, provides a great overview of how to protect your software from predators. You'll learn the difference between copyrights, trade secrets, and patents.

Bob Zeidman
Pitfalls of Developing for the IoT

The Internet of Things (IoT) enables amazing software-powered devices designed to make our business and personal lives easier. Lev Lesokhin discusses four fundamental practices you'll need when developing sophisticated software for the IoT.

Lev Lesokhin
Your Professional Responsibility for Security and Performance

It is Johanna Rothman's belief that security and performance are no longer nonfunctional requirements in modern-day software development. Instead, we must prepare to accommodate security and performance needs in all projects.

Johanna Rothman
A Radical View of Software Licensing and Piracy

Software vendors are making extraordinary efforts to protect the installation and use of apps, but have they gone too far? Preventing software piracy can have an adverse effect on genuine users. Software licensing  technology, according to Steve, needs to strike the best balance of protecting the asset while trusting the customer.

Steven Cholerton

Interviews

Gene Gotimer Understanding the Role of QA in DevOps: An Interview with Gene Gotimer
Video

Gene Gotimer, senior architect at Coveros Inc., discusses understanding the role of QA in DevOps, DevOps educational tools, trusting your team, and paid and open source security tools.

Jennifer Bonine
Mike Faulise Giving Control Back to Software Developers: An Interview with Mike Faulise
Video

In this interview, Michael Faulise, the founder and managing partner at tap|QA, explains how the move toward DevOps and away from release management is giving control back to developers, then details why major companies often need partners to leverage CI, CD, and other modern techniques.

Jennifer Bonine
Jeff Payne Why You Need to Take Security and DevOps Seriously: An Interview with Jeff Payne
Video

In this interview, Jeff Payne, the CEO and cofounder of Coveros, explains why major companies just aren’t that good at security. He discusses how you can better protect your business, as well as why DevOps can and should be a key to your success.

Jennifer Bonine
Jeff Payne Getting Started with Security Testing: An Interview with Jeff Payne
Video

In this interview, Jeff Payne, the CEO and founder of Coveros, talks about software security. He discusses the Internet of Things and how it relates to safety-critical devices, some useful tools, how testers can test for security, and how DevOps pushes that process earlier in your lifecycle.

Jennifer Bonine

Conference Presentations

DevOps West 2018, Agile Dev West 2018, Better Software West 2018 A Definition of Done for DevSecOps
Slideshow

DevOps needs to consider many different aspects of software quality to deliver reliable software continuously. The term DevSecOps was developed to highlight that security is a key component of quality and cannot be ignored during continuous delivery. Join Gene Gotimer as he discusses how to determine a definition of done that includes security for DevOps pipelines. He'll discuss how continuous integration can invoke static analysis tools to test for security errors and check for software vulnerabilities. You'll learn how automated deployments and virtualization make dynamic environments available for testing in a production-like setting, and explore approaches to leverage existing regression tests to test for security as a side effect. Gene will reveal how a DevOps pipeline can be designed with security in mind.

Gene Gotimer
Automated Security Scanning for Your Delivery Pipeline
Slideshow

Agile development and DevOps depend on an automated pipeline to build, test, and deploy code quickly. Security is all too often viewed as a manual task that is too difficult to automate and something to be left for later—not a good decision! Matt Grasberger says that, by leveraging automated security scans with open source scanners, you can reduce the risk of security vulnerabilities, get the most out of your pipeline, and increase software quality. Matt thoroughly explains and demonstrates several ways to implement automated security scans. Discover how to quickly test endpoints against SQL injection with sqlmap, an open source penetration test tool. Explore how you can identify common vulnerabilities with OWASP ZAP, an open source web application scanner with scripting capabilities. See how you can apply these free or low-cost tools to introduce baseline security scanning into your DevOps pipeline.

Matthew Grasberger
Agile DevOps The T-Shaped Scrum Team: Get in Shape for Your Future
Slideshow

Today, agile teams are being asked to do more than ever before. The notion of a T-shaped person, created by Tim Brown (CEO of IDEO) in the 1990s, describes a new breed of worker—one who goes beyond the standard, assigned role. Mary Thorn believes that the roles of team members can stretch...

Mary Thorn
Mobile Dev Test Building and Testing Secure Mobile Apps
Slideshow

Mobile application development is now a mission-critical component of IT organizations and a big part of the software industry’s landscape. Due to the security threats associated with mobile devices, it is critical we build our apps—from the ground up—to be secure and trustworthy. However...

Alan Crouch

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.