DevSecOps Misformation is real. Ok, ok, maybe we should say misconceptions? Joan Goodchild wrote a brief blog myth-busting her top 5 DevSecOps fallacies.
1 - DevSecOps Results in Loss of Control - To debunk this myth, leaders need to educate teams on how it works, the value, and share real world experience stories.
2 - You can buy and deploy DevSecOps - I love vendors and marketing folks but… debunking this is another exercise in education and sharing. Special attention may be needed for the senior business executives that ask to “buy DevSecOps” now!
3 - DevSecOps has a single, repeatable, model - Not only is there no one-size-fits-all approach. At the core, there are central concepts though ya simply gotta apply what is best for your unique context. (NOTE: unique is not a bad word!)
4- DevSecOps is about changing Development (not Security) - Nope nope nope! Security is a shared responsibility. DevSecOps touches the full value stream.
5 - DevSecOps is solely a tech issue - There is a double myth that DevSecOps is just a cultural shift OR a technical initiative. It’s both.
At the end of the day, efforts like the DOI’s Straight Talk for Government (#ST4G) chapter, Brian Fox new science-organization DevOps Community, or the DoD Chief Information Office’s DevSecOps Community of practice are all seeking to clean up the misinformation with experience stories , exemplars, and facts.
#CommunityofCommunitites #devops #devsecops #cyber #humansfirst #softwarearchitecture #Softwareengineering #security