News and Notes from the Makers of Nexus | Sonatype Blog

DevSecOps Community Survey: Meet the Winner

Written by Janie Gelfond | March 15, 2019

We had over 5,500 people respond to the DevSecOps Community Survey this year, making it the largest DevSecOps Survey ever. The findings, now available here, provide clarity into the state of DevSecOps.

We wouldn't collect these important insights without everyone who takes the time to complete the survey. So, as part of the program, we also conduct a raffle for the participants, which includes some awesome prizes, if I do say so myself. As someone who never wins anything, picking the winners was valuable for me. It's not every day that you can win a free MacBook Air or Amazon gift card.

So, without further ado, I'm proud to introduce one of this year's winners: Brian McClung, Director of Deployment and Integration at Ericsson. We asked him to share a bit more about how he views DevSecOps and why it matters to him.

Why Are DevSecOps Practices Important to You?

As we have increased our ability to deploy code to production, we have also increased the potential for rapidly releasing new security holes. Deploying security vulnerabilities with a release is as critical, if not more critical, as releasing bugs to production, and needs to be tracked similarly.

What Are the Most Valuable Lessons You Have Learned Throughout Your DevSecOps Journey?

As in a typical DevOps journey, adding security is not as easy as plugging in new tools and calling it a day. Teams need to be trained on best practices, both in the use of the tools and in writing code. Keeping teams up to date with the latest vulnerabilities and best practices is an ongoing exercise that needs quarterly, if not more frequent, updates.

What Advice Do You Have for Someone Just Starting Out in Their DevSecOps Journey?

If you're in the middle of a DevOps rollout, adding security into the process should not be too much of a culture shock. Teams used to code scans, automated builds and releases can easily integrate the process. It's the additional work and training that culturally needs to change. Developers that once felt security was someone else's responsibility will need to change their mindset and realize that it is everyone’s responsibility. This may require bolstering team members' skills, so they are better prepared to work with the new workflows.

Congratulations, Brian. It was a 1 in 5,558 (0.018%) chance that you would win - and you did it.

To everyone else who did not win (like me), thanks again for participating in the survey this year. There's always next year to test your odds.