DevOps practices can be difficult to implement for any business. While the overall goal is to streamline the business and join the development and operations sides of things together, the first step needs to be a strong relationship between DevOps and security teams otherwise things will typically be harder than they need to be.
There are lots of reasons for these difficult relationships, but the common goal of efficiency and security should be to break down the silos in delivering secure applications. With everyone shooting for the same common goal, you are half of the way to better vulnerability program management and faster deployments.
In episode 4 of our AppSec podcast with Veracode, we discuss how businesses can ensure the DevOps integrates application security tools into a process that works smoothly and how leveraging focused code scans like with ThreadFix can be useful without slowing down the process. We also discuss the dangers of hiring staff from outside of your organization to lead the charge with your DevOps transitions, and the importance of having strong links between everyone in the chain from the very beginning. Check out episode 4 of the podcast here.