A perfect storm of factors brewing in the dev, ops, and security worlds have created a window of opportunity to embed security into the application delivery lifecycle, in a needle-moving kind of way. However, security teams need to be the ones driving the DevSecOps charge or that needle will barely wobble.
Given how many security practitioners spend their days putting out fires, adding “DevSecOps evangelist” to their job description is more likely to elicit groans than spur the desire to innovate application security. As understandable as that may be, unless security teams can create the groundswell needed for DevSecOps to stick, then another paradigm shift in computing will occur in which security gets left behind.
Source: Infoworld.com | Security