DevSecOps isn't working. In many organizations, it has been used to add more control over developers and add roadblocks to delivering applications. Across the board, there has been a negative impact on the CI/CD pipeline, resulting in longer cycle times, and worst of all, the systems aren't getting more secure. We know this because the breaches keep coming.
DevSecOps needs to find a new way. This talk explores what is missing in most organizations, the intersection points between developers and security, and what to do about it. We'll discuss how composition and context work together, and how to fix CI/CD pipeline issues, reduce the time to discover security issues, and foster collaboration between groups.
Developers and security engineers alike will find this session useful as they look for ways to work together, and will come away with tools, tips, and examples for overcoming common obstacles.
Talk originally delivered on August 16th at DeveloperWeek in San Mateo, CA.