The simple premise of DevSecOps is that everyone in the software development life cycle is responsible for security, in essence bringing operations and development together with security functions. DevSecOps aims to embed security in every part of the development process. It is about trying to automate core security tasks by embedding security controls and processes early in the DevOps workflow (rather than being bolted on at the end). For example, this could be the case when migrating to microservices, building out a CI/CD pipeline, compliance automation or simply testing cloud infrastructure.
The ability to deploy applications in the cloud has improved both scale and speed, the move to agile and DevOps methodologies (and with that, continuous delivery) making “big bang” application launches a thing of the past. In particular, DevOps — the principle of integrating development and IT operations under a “single automated umbrella” — has helped with everything from more frequent feature releases to increased application stability.
Read more at CSO Online