*By Thiago Spósito
The last thing development teams need is to deploy new features with vulnerabilities. Cybersecurity has never been as important as it is now: the volume of application development has grown considerably, and advances in storage and processing technologies have opened important flanks, increasing the complexity of this journey.
An August 2023 Dynatrace study finds that nearly two-thirds of CISOs (64%) in Brazil say vulnerability management is more difficult because complexity in their software supply chain and cloud ecosystem has increased. Another difficulty reported by C-level cybersecurity executives involves maintaining a culture of secure application and software development.
In the survey, 90% of the leaders interviewed said that the use of very specific solutions and processes increases the likelihood of vulnerabilities, which will result in more exploitation by cybercriminals. However, it is estimated that only 10% of companies have mature DevSecOps.
DevSecOps is closely associated with collaboration between developers and operations to improve the delivery and reliability of applications in production. The concept consolidates a fundamental software delivery cycle in an automated way, becoming a culture shared by those who develop and those who deploy applications securely. Furthermore, it integrates automated audits and penetration tests, and is part of an agile application design methodology.
Many DevOps teams find themselves on a mission to organize the chaos of application infrastructure implementations that grow organically. This includes automating the delivery pipeline with CI/CD (continuous integration and continuous delivery), standardizing configurations with containers, and configuring infrastructure as code within a software development lifecycle to build projects that are reliable, reusable, and compatible.
Is DevOps hard? Yes, it is definitely challenging. However, the choice between faster development and greater reliability shouldn't be. We are seeing a major turning point in incorporating security, creating a stronger DevSecOps culture, and making more and more developers aware of and responsible for the security of their applications.
*Thiago Spósito, partner at Add Value
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies