Fortifying Processes Via Security Standards
System development has embraced practices and processes to continuously develop, integrate, deploy, and operate software capabilities and services - typically called DevOps. These practices require automated tools and technologies to streamline the processing pipeline and advance the pace and quality of information systems. Many domains (e.g., banking, medical, military, and government) require higher levels of security and safety incorporated into their DevOps practices. They integrate enhanced security and safety assessments and testing into those practices, thereby coining the term DevSecOps.
The principles and practices of DevSecOps are generally understood. Many organizations in the marketplace espouse very similar but slightly different definitions and concepts. There are few technical standards to aid with portability or interoperability among implementations. This working group is looking to bring in developing and/or recognizing specifications as a neutral consensus-based standards development organization to this area.
Come help us identify the focus of future standards in this area to explore how they could help this market space and engage with influential organizations in the DevSecOps arena to improve the overall state of practice, integration, interoperability, and understanding across the industry.
Watch the March 2024 DevSecOps Info Day session here!
If you are interested in helping drive this initiative, please contact [email protected].