Software has traditionally been released over longer periods because it must go through a series of tests by separate security and quality assurance teams, which creates silos and contributes to a longer release time.
More modern software development works in smaller rollouts within a cloud-based system. Agile development practices have become more prevalent as code rolls out more quickly, usually in an automated manner. New processes and tools let companies innovate more quickly.
DevOps developed as a result of new cloud rollout capabilities, but security was frequently left out of the process. DevSecOps corrects this by implementing security testing at a higher level and within the continuous development cycle.
A DevSecOps environment accounts for:
- The development team conducting security testing.
- The development team managing issues found during the security testing phase.
- The development team fixing the issues found.