SlideShare ist ein Scribd-Unternehmen logo

Lisa Conference 2014: DevOps and AppSec - Who is Responsible

Als PPTX, PDF herunterladen
S
SeniorStoryteller

Result of the 2014 Survey, DevOps and AppSec - Who is Responsible

Technologie
1 von 26
Developers and Application Security: Who is Responsible? SURVEY RESULTS, November 2014 Mark Miller, Senior Storyteller
Mark Miller
Survey Sponsors
41% Q5 - In what industry does your business operate? 20% 17% 10% 6% Technology / ISV Consulting / SI Financial Services & Insurance Media / Entertain Public Sector Telecommunications Consumer Goods / Retail Other 14% 10% 6%
Operations 25% Security 16% Other 3% DevOps 30% Development 26% Q1 – What is your role within your current organization?
Senior Management 8% Executive Management 6% Practitioner 46% Manager 40% Q3 – What is your responsibility level?
13% Q9 - Percentage of open source software? 40% 14% 15% 15% 0% open source 20% open source 40% open source 60% open source 80% open source 100% open source 5% 67% >5000 employees 50% in FSI 41% in Consulting 31% in Government 27% in Tech 44% for Java developers {What people estimate they are doing
13% Q9 - Percentage of open source software? 14% 15% 15% 0% open source 20% open source 40% open source 60% open source 80% open source 100% open source 5% 67% >5000 employees 50% in FSI 41% in Consulting 31% in Govt 27% in Tech 44% for Java developers {What people estimate they are doing What app scans reveal 40%
57% Q10 - For custom development, what languages are used? 31% 30% 25% 21% Java PHP .NET Ruby C/C++ 83% with > 5000 employees FSI: 82.5% Banking/Finance: 88% Government: 74%{
Q11 - Who is the primary driver behind AppSec initiatives? 40% say dev (Q14) 76% say dev spends less than 15% time on AppSec (Q15) 42% say dev knows its important but does not have time to spend on it {40%
Q11 - Who primarily drives AppSec initiatives? (filtered for developers only) 67% devs think they are the primary driver; (Q15) 26% say security is not their focus, 40% say they have no time to spend on it; (Q17) 74% state we have no policies or policies are not effectively enforced Observations: 84% w/ >5000 employees think it’s compliance / risk management {67%
Q12 – Your role in AppSec? (1=not at all, 10 = highest priority) w/ >5000 employees, 75% rank security 8+ priority (Q17 – 58% of >5000 employees feel there is no clear security policy or that policy is not effectively enforced; 18% we don’t have clear policies 81% state Adherence to internal security policies is a top concern Conclusion: strong personal sense of responsibility, but little to not policies to enforce security standards; people make up their own standards w/ 101 – 1000 employees, 76% rank security 8+ priority Q17 – 67% employees feel there is no clear security policy or that policy is not effectively enforced. Q13 - 74% state adherence to internal security policies is a top concern Conclusion: “App Sec is important to me but we lack corporate policies so I’ll determine my own.”
Q13 - Are any of these security concerns? 65.03% {#2 overall issue but only 31% test it #1 issue for government
Q14 - How much time to developers spend on security?
Q15 - Interest of in-house developers in regard to AppSec 41% in FSI know its important but don’t spend time 42% in tech {
Q16 - When does App Dev spend time with security group? Observations: 23% say security checks happen, but (Q17) Only 12% have automated End of development cycle - 62% in government (#1 answer), 47% in financial services Historically, ‘end of development cycle’ is the most expensive option
Q17 - Describe your current app security policies (Overall) Observations: 67.05% do not have clear, well defined, enforced policies 12.5% have well defined, automated policies
Q17 - Describe your current app security policies (filtered for government) 59% policies not enforced compared to: 40% in FSI 28% in Tech{ 24% don’t have policies in place compared to: 20% in FSI 30% in Tech{Automated late in Development18% Automated across SW lifecycle12%
Q17 - Describe your current app security policies (Developers only) 42% Do not have clear policies Observations: “I am responsible, but I have: • No tools • No policy • No time 9% Automation across lifecycle 7% Automation late in development cycle
Q20 - If doing CI, how often is code compiled? Observations: If there is continuous integration, the percentage of automated testing increases 40% automate security testing here.
Q23 - Where is security testing automated? Lower Cost Highest Cost High Cost Lower Cost
Q18 - What are you testing? Observations: 80%+ of app composition is open source 30% of companies test open source • 37% tech • 20% in FSI • 29% in government
Summary
Get the deck right now, within seconds Community@Sonatype.com
Survey Sponsors
Developers and Application Security: Who is Responsible? SURVEY RESULTS, November 2014 Mark Miller, Senior Storyteller

Empfohlen

The Hidden Risk of Component Based Software Development
The Hidden Risk of Component Based Software DevelopmentThe Hidden Risk of Component Based Software Development
The Hidden Risk of Component Based Software DevelopmentSonatype
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software SurveySonatype
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 
ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...
ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...
ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...ARC Advisory Group
 
Survey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSurvey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSolarWinds
 
Meet the Experts
Meet the ExpertsMeet the Experts
Meet the ExpertsExperts Exchange
 
Meet our Community- Experts Exchange at a Glance
Meet our Community- Experts Exchange at a GlanceMeet our Community- Experts Exchange at a Glance
Meet our Community- Experts Exchange at a GlanceJaime Sterling Lewis
 
Medgate: How Communication Builds Safety Culture
Medgate: How Communication Builds Safety CultureMedgate: How Communication Builds Safety Culture
Medgate: How Communication Builds Safety CultureThe Windsdor Consulting Group, Inc.
 

Empfohlen

The Hidden Risk of Component Based Software Development
The Hidden Risk of Component Based Software DevelopmentThe Hidden Risk of Component Based Software Development
The Hidden Risk of Component Based Software DevelopmentSonatype
 
Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software Survey Sonatype's 2013 OSS Software Survey
Sonatype's 2013 OSS Software SurveySonatype
 
Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Live 2014 Survey Results: Open Source Development and Application Security Su...
Live 2014 Survey Results: Open Source Development and Application Security Su...Sonatype
 
ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...
ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...
ARC's Bob Mick's Cyber Security Standards Presentation at ARC's 2008 Industry...ARC Advisory Group
 
Survey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSurvey: Security Analytics and Intelligence
Survey: Security Analytics and IntelligenceSolarWinds
 
Meet the Experts
Meet the ExpertsMeet the Experts
Meet the ExpertsExperts Exchange
 
Meet our Community- Experts Exchange at a Glance
Meet our Community- Experts Exchange at a GlanceMeet our Community- Experts Exchange at a Glance
Meet our Community- Experts Exchange at a GlanceJaime Sterling Lewis
 
Medgate: How Communication Builds Safety Culture
Medgate: How Communication Builds Safety CultureMedgate: How Communication Builds Safety Culture
Medgate: How Communication Builds Safety CultureThe Windsdor Consulting Group, Inc.
 
Managing budgets in the public sector survey - Current challenges and future ...
Managing budgets in the public sector survey - Current challenges and future ...Managing budgets in the public sector survey - Current challenges and future ...
Managing budgets in the public sector survey - Current challenges and future ...Advanced Business Solutions
 
InsightsEd - Global EdTech Snapshot - July 2015
InsightsEd - Global EdTech Snapshot - July 2015InsightsEd - Global EdTech Snapshot - July 2015
InsightsEd - Global EdTech Snapshot - July 2015Indalytics Advisors
 
New Synopsys research uncovers security's biggest challenges
New Synopsys research uncovers security's biggest challengesNew Synopsys research uncovers security's biggest challenges
New Synopsys research uncovers security's biggest challengesSynopsys Software Integrity Group
 
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...Massimiliano Mandolini
 
Survey: IT is Everywhere (End Users’ Perspective, Germany)
Survey: IT is Everywhere (End Users’ Perspective, Germany)Survey: IT is Everywhere (End Users’ Perspective, Germany)
Survey: IT is Everywhere (End Users’ Perspective, Germany)SolarWinds
 
Safety and leadership_impact_its_a_numbers_game
Safety and leadership_impact_its_a_numbers_gameSafety and leadership_impact_its_a_numbers_game
Safety and leadership_impact_its_a_numbers_gameRebecca Sue (nee Marlow)
 
The IT community's take on Artificial Intelligence
The IT community's take on Artificial IntelligenceThe IT community's take on Artificial Intelligence
The IT community's take on Artificial IntelligencePulse Q&A
 
Survey: IT is Everywhere (End Users’ Perspective, North America)
Survey: IT is Everywhere (End Users’ Perspective, North America)Survey: IT is Everywhere (End Users’ Perspective, North America)
Survey: IT is Everywhere (End Users’ Perspective, North America)SolarWinds
 
Webinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesWebinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesSynopsys Software Integrity Group
 
Horizon Scan 2016 - Canada
Horizon Scan 2016 - CanadaHorizon Scan 2016 - Canada
Horizon Scan 2016 - CanadaAndrew Scott
 
Survey: IT is Everywhere (End Users’ Perspective, Singapore)
Survey: IT is Everywhere (End Users’ Perspective, Singapore)Survey: IT is Everywhere (End Users’ Perspective, Singapore)
Survey: IT is Everywhere (End Users’ Perspective, Singapore)SolarWinds
 
Connected Research for Sunday Business Post March 2014
Connected Research for Sunday Business Post March 2014Connected Research for Sunday Business Post March 2014
Connected Research for Sunday Business Post March 2014Amarach Research
 
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)SolarWinds
 
Survey: IT is Everywhere (End Users’ Perspective, UK)
Survey: IT is Everywhere (End Users’ Perspective, UK)Survey: IT is Everywhere (End Users’ Perspective, UK)
Survey: IT is Everywhere (End Users’ Perspective, UK)SolarWinds
 
2008 North Bridge Future of Open Source Study
2008 North Bridge Future of Open Source Study2008 North Bridge Future of Open Source Study
2008 North Bridge Future of Open Source StudyNorth Bridge
 
2015 Strategic Directions: Smart Utility Report
2015 Strategic Directions: Smart Utility Report2015 Strategic Directions: Smart Utility Report
2015 Strategic Directions: Smart Utility ReportBlack & Veatch
 
2017 Software Developer Productivity Survey in the United States and Great Br...
2017 Software Developer Productivity Survey in the United States and Great Br...2017 Software Developer Productivity Survey in the United States and Great Br...
2017 Software Developer Productivity Survey in the United States and Great Br...GitPrime
 
Survey: IT is Everywhere (End Users’ Perspective, Australia)
Survey: IT is Everywhere (End Users’ Perspective, Australia)Survey: IT is Everywhere (End Users’ Perspective, Australia)
Survey: IT is Everywhere (End Users’ Perspective, Australia)SolarWinds
 
Abuse Prevention App PPT (Engr. Madeeha Saeed]
Abuse Prevention App PPT (Engr. Madeeha Saeed]Abuse Prevention App PPT (Engr. Madeeha Saeed]
Abuse Prevention App PPT (Engr. Madeeha Saeed]Madeeha Saeed
 
Pandemic Predictions: Comfort Crushers
Pandemic Predictions: Comfort CrushersPandemic Predictions: Comfort Crushers
Pandemic Predictions: Comfort CrushersSatisFactsEducation
 
Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestBuilding an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestMatt Tesauro
 
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)dev2ops
 

Weitere ähnliche Inhalte

Was ist angesagt?

Managing budgets in the public sector survey - Current challenges and future ...
Managing budgets in the public sector survey - Current challenges and future ...Managing budgets in the public sector survey - Current challenges and future ...
Managing budgets in the public sector survey - Current challenges and future ...Advanced Business Solutions
 
InsightsEd - Global EdTech Snapshot - July 2015
InsightsEd - Global EdTech Snapshot - July 2015InsightsEd - Global EdTech Snapshot - July 2015
InsightsEd - Global EdTech Snapshot - July 2015Indalytics Advisors
 
New Synopsys research uncovers security's biggest challenges
New Synopsys research uncovers security's biggest challengesNew Synopsys research uncovers security's biggest challenges
New Synopsys research uncovers security's biggest challengesSynopsys Software Integrity Group
 
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...Massimiliano Mandolini
 
Survey: IT is Everywhere (End Users’ Perspective, Germany)
Survey: IT is Everywhere (End Users’ Perspective, Germany)Survey: IT is Everywhere (End Users’ Perspective, Germany)
Survey: IT is Everywhere (End Users’ Perspective, Germany)SolarWinds
 
Safety and leadership_impact_its_a_numbers_game
Safety and leadership_impact_its_a_numbers_gameSafety and leadership_impact_its_a_numbers_game
Safety and leadership_impact_its_a_numbers_gameRebecca Sue (nee Marlow)
 
The IT community's take on Artificial Intelligence
The IT community's take on Artificial IntelligenceThe IT community's take on Artificial Intelligence
The IT community's take on Artificial IntelligencePulse Q&A
 
Survey: IT is Everywhere (End Users’ Perspective, North America)
Survey: IT is Everywhere (End Users’ Perspective, North America)Survey: IT is Everywhere (End Users’ Perspective, North America)
Survey: IT is Everywhere (End Users’ Perspective, North America)SolarWinds
 
Webinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesWebinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesSynopsys Software Integrity Group
 
Horizon Scan 2016 - Canada
Horizon Scan 2016 - CanadaHorizon Scan 2016 - Canada
Horizon Scan 2016 - CanadaAndrew Scott
 
Survey: IT is Everywhere (End Users’ Perspective, Singapore)
Survey: IT is Everywhere (End Users’ Perspective, Singapore)Survey: IT is Everywhere (End Users’ Perspective, Singapore)
Survey: IT is Everywhere (End Users’ Perspective, Singapore)SolarWinds
 
Connected Research for Sunday Business Post March 2014
Connected Research for Sunday Business Post March 2014Connected Research for Sunday Business Post March 2014
Connected Research for Sunday Business Post March 2014Amarach Research
 
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)SolarWinds
 
Survey: IT is Everywhere (End Users’ Perspective, UK)
Survey: IT is Everywhere (End Users’ Perspective, UK)Survey: IT is Everywhere (End Users’ Perspective, UK)
Survey: IT is Everywhere (End Users’ Perspective, UK)SolarWinds
 
2008 North Bridge Future of Open Source Study
2008 North Bridge Future of Open Source Study2008 North Bridge Future of Open Source Study
2008 North Bridge Future of Open Source StudyNorth Bridge
 
2015 Strategic Directions: Smart Utility Report
2015 Strategic Directions: Smart Utility Report2015 Strategic Directions: Smart Utility Report
2015 Strategic Directions: Smart Utility ReportBlack & Veatch
 
2017 Software Developer Productivity Survey in the United States and Great Br...
2017 Software Developer Productivity Survey in the United States and Great Br...2017 Software Developer Productivity Survey in the United States and Great Br...
2017 Software Developer Productivity Survey in the United States and Great Br...GitPrime
 
Survey: IT is Everywhere (End Users’ Perspective, Australia)
Survey: IT is Everywhere (End Users’ Perspective, Australia)Survey: IT is Everywhere (End Users’ Perspective, Australia)
Survey: IT is Everywhere (End Users’ Perspective, Australia)SolarWinds
 
Abuse Prevention App PPT (Engr. Madeeha Saeed]
Abuse Prevention App PPT (Engr. Madeeha Saeed]Abuse Prevention App PPT (Engr. Madeeha Saeed]
Abuse Prevention App PPT (Engr. Madeeha Saeed]Madeeha Saeed
 
Pandemic Predictions: Comfort Crushers
Pandemic Predictions: Comfort CrushersPandemic Predictions: Comfort Crushers
Pandemic Predictions: Comfort CrushersSatisFactsEducation
 

Was ist angesagt? (20)

Managing budgets in the public sector survey - Current challenges and future ...
Managing budgets in the public sector survey - Current challenges and future ...Managing budgets in the public sector survey - Current challenges and future ...
Managing budgets in the public sector survey - Current challenges and future ...
 
InsightsEd - Global EdTech Snapshot - July 2015
InsightsEd - Global EdTech Snapshot - July 2015InsightsEd - Global EdTech Snapshot - July 2015
InsightsEd - Global EdTech Snapshot - July 2015
 
New Synopsys research uncovers security's biggest challenges
New Synopsys research uncovers security's biggest challengesNew Synopsys research uncovers security's biggest challenges
New Synopsys research uncovers security's biggest challenges
 
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
Infographic 2014 smart_grid_cybersecurity_survey_smart_modular_technologies_z...
 
Survey: IT is Everywhere (End Users’ Perspective, Germany)
Survey: IT is Everywhere (End Users’ Perspective, Germany)Survey: IT is Everywhere (End Users’ Perspective, Germany)
Survey: IT is Everywhere (End Users’ Perspective, Germany)
 
Safety and leadership_impact_its_a_numbers_game
Safety and leadership_impact_its_a_numbers_gameSafety and leadership_impact_its_a_numbers_game
Safety and leadership_impact_its_a_numbers_game
 
The IT community's take on Artificial Intelligence
The IT community's take on Artificial IntelligenceThe IT community's take on Artificial Intelligence
The IT community's take on Artificial Intelligence
 
Survey: IT is Everywhere (End Users’ Perspective, North America)
Survey: IT is Everywhere (End Users’ Perspective, North America)Survey: IT is Everywhere (End Users’ Perspective, North America)
Survey: IT is Everywhere (End Users’ Perspective, North America)
 
Webinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design PracticesWebinar: Systems Failures Fuel Security-Focused Design Practices
Webinar: Systems Failures Fuel Security-Focused Design Practices
 
Horizon Scan 2016 - Canada
Horizon Scan 2016 - CanadaHorizon Scan 2016 - Canada
Horizon Scan 2016 - Canada
 
Survey: IT is Everywhere (End Users’ Perspective, Singapore)
Survey: IT is Everywhere (End Users’ Perspective, Singapore)Survey: IT is Everywhere (End Users’ Perspective, Singapore)
Survey: IT is Everywhere (End Users’ Perspective, Singapore)
 
Connected Research for Sunday Business Post March 2014
Connected Research for Sunday Business Post March 2014Connected Research for Sunday Business Post March 2014
Connected Research for Sunday Business Post March 2014
 
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
Survey: IT is Everywhere (End Users’ Perspective, Hong Kong)
 
Survey: IT is Everywhere (End Users’ Perspective, UK)
Survey: IT is Everywhere (End Users’ Perspective, UK)Survey: IT is Everywhere (End Users’ Perspective, UK)
Survey: IT is Everywhere (End Users’ Perspective, UK)
 
2008 North Bridge Future of Open Source Study
2008 North Bridge Future of Open Source Study2008 North Bridge Future of Open Source Study
2008 North Bridge Future of Open Source Study
 
2015 Strategic Directions: Smart Utility Report
2015 Strategic Directions: Smart Utility Report2015 Strategic Directions: Smart Utility Report
2015 Strategic Directions: Smart Utility Report
 
2017 Software Developer Productivity Survey in the United States and Great Br...
2017 Software Developer Productivity Survey in the United States and Great Br...2017 Software Developer Productivity Survey in the United States and Great Br...
2017 Software Developer Productivity Survey in the United States and Great Br...
 
Survey: IT is Everywhere (End Users’ Perspective, Australia)
Survey: IT is Everywhere (End Users’ Perspective, Australia)Survey: IT is Everywhere (End Users’ Perspective, Australia)
Survey: IT is Everywhere (End Users’ Perspective, Australia)
 
Abuse Prevention App PPT (Engr. Madeeha Saeed]
Abuse Prevention App PPT (Engr. Madeeha Saeed]Abuse Prevention App PPT (Engr. Madeeha Saeed]
Abuse Prevention App PPT (Engr. Madeeha Saeed]
 
Pandemic Predictions: Comfort Crushers
Pandemic Predictions: Comfort CrushersPandemic Predictions: Comfort Crushers
Pandemic Predictions: Comfort Crushers
 

Andere mochten auch

Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestBuilding an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestMatt Tesauro
 
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)dev2ops
 
DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015Aaron Weaver
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon
 
Master Continuous Delivery with CloudBees Jenkins Platform
Master Continuous Delivery with CloudBees Jenkins PlatformMaster Continuous Delivery with CloudBees Jenkins Platform
Master Continuous Delivery with CloudBees Jenkins Platformdcjuengst
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsZane Lackey
 

Andere mochten auch (7)

Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux FestBuilding an Open Source AppSec Pipeline - 2015 Texas Linux Fest
Building an Open Source AppSec Pipeline - 2015 Texas Linux Fest
 
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
Leveraging Your Company's DevOps Transformation (AppSec USA 2014)
 
Agile AppSec DevOps
Agile AppSec DevOpsAgile AppSec DevOps
Agile AppSec DevOps
 
DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015DevOps AppSec Pipeline Velcocity NY 2015
DevOps AppSec Pipeline Velcocity NY 2015
 
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world casesDevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
DevSecCon Asia 2017 Ofer Maor: AppSec DevOps automation – real world cases
 
Master Continuous Delivery with CloudBees Jenkins Platform
Master Continuous Delivery with CloudBees Jenkins PlatformMaster Continuous Delivery with CloudBees Jenkins Platform
Master Continuous Delivery with CloudBees Jenkins Platform
 
How to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOpsHow to adapt the SDLC to the era of DevSecOps
How to adapt the SDLC to the era of DevSecOps
 

Ähnlich wie Lisa Conference 2014: DevOps and AppSec - Who is Responsible

Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022Gartner Peer Insights
 
Survey: Application Use & Challenges in Government IT Infrastructures
Survey: Application Use & Challenges in Government IT InfrastructuresSurvey: Application Use & Challenges in Government IT Infrastructures
Survey: Application Use & Challenges in Government IT InfrastructuresSolarWinds
 
SolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity SurveySolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity SurveySolarWinds
 
Cloud Management in the U.S. Federal Government
Cloud Management in the U.S. Federal GovernmentCloud Management in the U.S. Federal Government
Cloud Management in the U.S. Federal Governmentscoopnewsgroup
 
2018 Adobe Cybersecurity Survey
2018 Adobe Cybersecurity Survey2018 Adobe Cybersecurity Survey
2018 Adobe Cybersecurity SurveyAdobe
 
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...SolarWinds
 
SANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docxSANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docxanhlodge
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxLeilaniPoolsy
 
Cybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCCybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCFidelis Cybersecurity
 
Cyber Security in the Digital Age: A Survey and its Analysis
Cyber Security in the Digital Age: A Survey and its AnalysisCyber Security in the Digital Age: A Survey and its Analysis
Cyber Security in the Digital Age: A Survey and its AnalysisRahul Neel Mani
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
Preparing for the Future of Enterprise Mobility -- Insights Not to Miss
Preparing for the Future of Enterprise Mobility -- Insights Not to MissPreparing for the Future of Enterprise Mobility -- Insights Not to Miss
Preparing for the Future of Enterprise Mobility -- Insights Not to MissEnterprise Mobile
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Security Innovation
 
Automation in Public Sector IT Systems
Automation in Public Sector IT SystemsAutomation in Public Sector IT Systems
Automation in Public Sector IT SystemsSolarWinds
 
SANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls SurveySANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls SurveyEdgar Alejandro Villegas
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfIDG
 
Idge dell reignite2014 qp #2
Idge dell reignite2014 qp #2Idge dell reignite2014 qp #2
Idge dell reignite2014 qp #2jmariani14
 

Ähnlich wie Lisa Conference 2014: DevOps and AppSec - Who is Responsible (20)

Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022Cybersecurity Quarterly Benchmarks Q1 2022
Cybersecurity Quarterly Benchmarks Q1 2022
 
Survey: Application Use & Challenges in Government IT Infrastructures
Survey: Application Use & Challenges in Government IT InfrastructuresSurvey: Application Use & Challenges in Government IT Infrastructures
Survey: Application Use & Challenges in Government IT Infrastructures
 
SolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity SurveySolarWinds Federal Cybersecurity Survey
SolarWinds Federal Cybersecurity Survey
 
Cloud Management in the U.S. Federal Government
Cloud Management in the U.S. Federal GovernmentCloud Management in the U.S. Federal Government
Cloud Management in the U.S. Federal Government
 
2018 Adobe Cybersecurity Survey
2018 Adobe Cybersecurity Survey2018 Adobe Cybersecurity Survey
2018 Adobe Cybersecurity Survey
 
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
AFCEA Cybersecurity through Continuous Monitoring: SolarWinds Survey Results ...
 
SANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docxSANS 2013 Critical Security Controls Survey Moving From A.docx
SANS 2013 Critical Security Controls Survey Moving From A.docx
 
The State of Remote Work Q4 2021
The State of Remote Work Q4 2021The State of Remote Work Q4 2021
The State of Remote Work Q4 2021
 
CAPP Conference Survey
CAPP Conference SurveyCAPP Conference Survey
CAPP Conference Survey
 
Please read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docxPlease read the instructions and source that provided, then decide.docx
Please read the instructions and source that provided, then decide.docx
 
Cybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOCCybersecurity Operations: Examining the State of the SOC
Cybersecurity Operations: Examining the State of the SOC
 
Cyber Security in the Digital Age: A Survey and its Analysis
Cyber Security in the Digital Age: A Survey and its AnalysisCyber Security in the Digital Age: A Survey and its Analysis
Cyber Security in the Digital Age: A Survey and its Analysis
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
 
Preparing for the Future of Enterprise Mobility -- Insights Not to Miss
Preparing for the Future of Enterprise Mobility -- Insights Not to MissPreparing for the Future of Enterprise Mobility -- Insights Not to Miss
Preparing for the Future of Enterprise Mobility -- Insights Not to Miss
 
Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016Best Practices for a Mature Application Security Program Webinar - February 2016
Best Practices for a Mature Application Security Program Webinar - February 2016
 
Arkadin Unified Communications Report: The Missing 'U' in UC
Arkadin Unified Communications Report: The Missing 'U' in UCArkadin Unified Communications Report: The Missing 'U' in UC
Arkadin Unified Communications Report: The Missing 'U' in UC
 
Automation in Public Sector IT Systems
Automation in Public Sector IT SystemsAutomation in Public Sector IT Systems
Automation in Public Sector IT Systems
 
SANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls SurveySANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls Survey
 
NEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdfNEW_Security Priorities 2021_Sample Slides.pdf
NEW_Security Priorities 2021_Sample Slides.pdf
 
Idge dell reignite2014 qp #2
Idge dell reignite2014 qp #2Idge dell reignite2014 qp #2
Idge dell reignite2014 qp #2
 

Mehr von SeniorStoryteller

Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...SeniorStoryteller
 
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
Where Bits & Bytes Meet Flesh and Blood - Joshua CormanWhere Bits & Bytes Meet Flesh and Blood - Joshua Corman
Where Bits & Bytes Meet Flesh and Blood - Joshua CormanSeniorStoryteller
 
Implementing DevOps in a Regulated Environment - DJ Schleen
Implementing DevOps in a Regulated Environment - DJ SchleenImplementing DevOps in a Regulated Environment - DJ Schleen
Implementing DevOps in a Regulated Environment - DJ SchleenSeniorStoryteller
 
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionScaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionSeniorStoryteller
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybSeniorStoryteller
 
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...SeniorStoryteller
 
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul ReedRelease Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul ReedSeniorStoryteller
 
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...SeniorStoryteller
 
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsOps Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsSeniorStoryteller
 
Building Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh RaghavanBuilding Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh RaghavanSeniorStoryteller
 
Breaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John WillisBreaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John WillisSeniorStoryteller
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareSeniorStoryteller
 
NuGet Package Management Done Right
NuGet Package Management Done RightNuGet Package Management Done Right
NuGet Package Management Done RightSeniorStoryteller
 
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and DockerHero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and DockerSeniorStoryteller
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzSeniorStoryteller
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySeniorStoryteller
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSoftware Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSeniorStoryteller
 
Heroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps TransformationsHeroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps TransformationsSeniorStoryteller
 
Rugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for SuccessRugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for SuccessSeniorStoryteller
 
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply ChainCreate Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply ChainSeniorStoryteller
 

Mehr von SeniorStoryteller (20)

Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World! - S...
 
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
Where Bits & Bytes Meet Flesh and Blood - Joshua CormanWhere Bits & Bytes Meet Flesh and Blood - Joshua Corman
Where Bits & Bytes Meet Flesh and Blood - Joshua Corman
 
Implementing DevOps in a Regulated Environment - DJ Schleen
Implementing DevOps in a Regulated Environment - DJ SchleenImplementing DevOps in a Regulated Environment - DJ Schleen
Implementing DevOps in a Regulated Environment - DJ Schleen
 
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel DiscussionScaling Rugged DevOps to Thousands of Applications - Panel Discussion
Scaling Rugged DevOps to Thousands of Applications - Panel Discussion
 
Making Security Agile - Oleg Gryb
Making Security Agile - Oleg GrybMaking Security Agile - Oleg Gryb
Making Security Agile - Oleg Gryb
 
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
What We Learned from Four Years of Sciencing the Crap Out of DevOps - Nicole ...
 
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul ReedRelease Engineering & Rugged DevOps: An Intersection - J. Paul Reed
Release Engineering & Rugged DevOps: An Intersection - J. Paul Reed
 
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
Requirements Gathering for a Successful Rugged DevOps Implementation - Hasan ...
 
Ops Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon EdwardsOps Happens: DevOps Beyond Deployment - Damon Edwards
Ops Happens: DevOps Beyond Deployment - Damon Edwards
 
Building Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh RaghavanBuilding Security In - A Tale of Two Stories - Laksh Raghavan
Building Security In - A Tale of Two Stories - Laksh Raghavan
 
Breaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John WillisBreaking Bad Equilibruim - John Willis
Breaking Bad Equilibruim - John Willis
 
DevSecOps - Building Rugged Software
DevSecOps - Building Rugged SoftwareDevSecOps - Building Rugged Software
DevSecOps - Building Rugged Software
 
NuGet Package Management Done Right
NuGet Package Management Done RightNuGet Package Management Done Right
NuGet Package Management Done Right
 
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and DockerHero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
Hero's Tookit: Start Your Rugged DevOps Journey with Nexus, Jenkins and Docker
 
The End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
 
Safely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
 
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOpsSoftware Supply Chain Automation Removes Roadblocks to Rugged DevOps
Software Supply Chain Automation Removes Roadblocks to Rugged DevOps
 
Heroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps TransformationsHeroes’ Journey: Learning from Successful DevOps Transformations
Heroes’ Journey: Learning from Successful DevOps Transformations
 
Rugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for SuccessRugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for Success
 
Create Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply ChainCreate Rugged Applications: Managing Your Software Supply Chain
Create Rugged Applications: Managing Your Software Supply Chain
 

Kürzlich hochgeladen

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

Lisa Conference 2014: DevOps and AppSec - Who is Responsible

  • 1. Developers and Application Security: Who is Responsible? SURVEY RESULTS, November 2014 Mark Miller, Senior Storyteller
  • 4. 41% Q5 - In what industry does your business operate? 20% 17% 10% 6% Technology / ISV Consulting / SI Financial Services & Insurance Media / Entertain Public Sector Telecommunications Consumer Goods / Retail Other 14% 10% 6%
  • 7. 13% Q9 - Percentage of open source software? 40% 14% 15% 15% 0% open source 20% open source 40% open source 60% open source 80% open source 100% open source 5% 67% >5000 employees 50% in FSI 41% in Consulting 31% in Government 27% in Tech 44% for Java developers {What people estimate they are doing
  • 8. 13% Q9 - Percentage of open source software? 14% 15% 15% 0% open source 20% open source 40% open source 60% open source 80% open source 100% open source 5% 67% >5000 employees 50% in FSI 41% in Consulting 31% in Govt 27% in Tech 44% for Java developers {What people estimate they are doing What app scans reveal 40%
  • 9. 57% Q10 - For custom development, what languages are used? 31% 30% 25% 21% Java PHP .NET Ruby C/C++ 83% with > 5000 employees FSI: 82.5% Banking/Finance: 88% Government: 74%{
  • 10. Q11 - Who is the primary driver behind AppSec initiatives? 40% say dev (Q14) 76% say dev spends less than 15% time on AppSec (Q15) 42% say dev knows its important but does not have time to spend on it {40%
  • 11. Q11 - Who primarily drives AppSec initiatives? (filtered for developers only) 67% devs think they are the primary driver; (Q15) 26% say security is not their focus, 40% say they have no time to spend on it; (Q17) 74% state we have no policies or policies are not effectively enforced Observations: 84% w/ >5000 employees think it’s compliance / risk management {67%
  • 12. Q12 – Your role in AppSec? (1=not at all, 10 = highest priority) w/ >5000 employees, 75% rank security 8+ priority (Q17 – 58% of >5000 employees feel there is no clear security policy or that policy is not effectively enforced; 18% we don’t have clear policies 81% state Adherence to internal security policies is a top concern Conclusion: strong personal sense of responsibility, but little to not policies to enforce security standards; people make up their own standards w/ 101 – 1000 employees, 76% rank security 8+ priority Q17 – 67% employees feel there is no clear security policy or that policy is not effectively enforced. Q13 - 74% state adherence to internal security policies is a top concern Conclusion: “App Sec is important to me but we lack corporate policies so I’ll determine my own.”
  • 13. Q13 - Are any of these security concerns? 65.03% {#2 overall issue but only 31% test it #1 issue for government
  • 14. Q14 - How much time to developers spend on security?
  • 15. Q15 - Interest of in-house developers in regard to AppSec 41% in FSI know its important but don’t spend time 42% in tech {
  • 16. Q16 - When does App Dev spend time with security group? Observations: 23% say security checks happen, but (Q17) Only 12% have automated End of development cycle - 62% in government (#1 answer), 47% in financial services Historically, ‘end of development cycle’ is the most expensive option
  • 17. Q17 - Describe your current app security policies (Overall) Observations: 67.05% do not have clear, well defined, enforced policies 12.5% have well defined, automated policies
  • 18. Q17 - Describe your current app security policies (filtered for government) 59% policies not enforced compared to: 40% in FSI 28% in Tech{ 24% don’t have policies in place compared to: 20% in FSI 30% in Tech{Automated late in Development18% Automated across SW lifecycle12%
  • 19. Q17 - Describe your current app security policies (Developers only) 42% Do not have clear policies Observations: “I am responsible, but I have: • No tools • No policy • No time 9% Automation across lifecycle 7% Automation late in development cycle
  • 20. Q20 - If doing CI, how often is code compiled? Observations: If there is continuous integration, the percentage of automated testing increases 40% automate security testing here.
  • 21. Q23 - Where is security testing automated? Lower Cost Highest Cost High Cost Lower Cost
  • 22. Q18 - What are you testing? Observations: 80%+ of app composition is open source 30% of companies test open source • 37% tech • 20% in FSI • 29% in government
  • 24. Get the deck right now, within seconds Community@Sonatype.com
  • 26. Developers and Application Security: Who is Responsible? SURVEY RESULTS, November 2014 Mark Miller, Senior Storyteller

Hinweis der Redaktion

  1. Mark Miller, Senior Storyteller TheNEXUS Community Project http://www.sonatype.org/nexus/
  2. Mark Miller, Senior Storyteller TheNEXUS Community Project http://www.sonatype.org/nexus/