TVP Strategy reports on DevOps’ security failure, arguing that DevOps is unable to mitigate security flaws in code quality. This was discovered through TVP’s ongoing research, which investigated secure agile cloud development, architecture and process. TVP’s research aimed to discover how to add automated security to continuous integration and deployment, without changing what the developers do.
This research is significant for businesses, as it could help them to improve code quality whilst maintaining security. Edward L. Haletky, CEO and Principal Analyst for TVP Strategy acknowledged that, “DevOps is egregious at identifying security flaws”. TVP Strategy has obtained findings through working with DevOps domain experts, and by using peer-review. They want to ensure their research meets the demands of both businesses and development experts.
The DevOps outlook
The research looks over four areas. Primarily, it considers code quality metrics, measuring the adherence of code to security. This is done through use of automated static and dynamic processes. Secondly, it looks over a single pool of data. TVP aims to adopt a methodology that provides the same view of interpretation for developers and businesses. Thirdly, the research looks into breach detection. This is where they attempt to discover exactly what has changed to allow breaches. Lastly, API leakage is considered. Security breaches can be costly for businesses. This stage shows how to feed costs and threats into automated continuous analytics.
Edited from press release by Ruby Arenson