Event Recap: DevSecOps 2023 – What’s New

The basic definition of DevSecOps is a development process that integrates security at each stage of the software development life cycle or SDLC. As Timothy Chick from Carnegie Mellon University Software Engineering Institute said however, it’s also “a cultural thing, a collaboration. There are people, processes and tools, and a coupling of different priorities and different interests. The goal of a successful DevSecOps operation, according to Derrick Curtis with the Dept. of Veterans Affairs, is “increased quality through reduced errors and reduced vulnerabilities” as well as “integrating the entire process…to enhance operations throughout.” So, how does an agency successfully implement?

This kind of adoption often requires the “commitment at the absolute highest level in the agency,” pointed out Spence Spencer from the U.S. Patent and Trademark Office. Other best practices mentioned in the webinar include:

• stay away from single-use tools (if possible);
• stick with industry standard tools;
• sechnology should not force the agency to change their process(es);
• find ways to measure the impact of initiatives;
• align technology and process within existing frameworks.