Adapting AppSec to a DevOps World

DevOps software development presents a fundamental challenge to traditional software security practices. Multi-day static and dynamic analysis run by a small pool of security experts is not a tenable model when the business demands multiple software releases per day. Modern system administration and quality assurance roles have adapted by using automation to empower developers to elevate code safely and as often as possible. By operating within the DevOps culture and tooling, security experts can educate developers and instrument systems in much the same way as other stakeholders in the development process. Proper abuse case development, metrics, unit, and integration testing can minimize risk while still enabling the rapid software development that businesses demand.