DevOps and continuous delivery of applications have become the new norm for innovation across every industry. Seeing the buzz and enthusiasm in the air during DevOps Enterprise Summit’17 in London, it is clear that DevOps will continue to be the driving factor for businesses for years to come. During the event, I got a chance to talk to many DevOps gurus which led me to the second take from the event. It was an interesting contradiction for DevOps: the increasing presence of interest and the steady lack of ownership for securing DevOps. Everybody seemed to agree that security was a critical step for DevOps, yet all development teams thought it was not their bread and butter. (And someone else was supposed to be taking care of security)
This feedback was not very surprising to me since it was in line with recent poll results on securing DevOps (Fortify: Application Security and DevOps Report), but it was still interesting to see the contradiction: DevOps teams own all aspects of developed software except a single item: SECURITY. In light of recent breaches and scandals (Is a boring list of recent news really necessary to remind you?), leaving an essential element of software to other teams is not any more effective than burying our heads in sand against attacks. We need to make sure DevOps teams understand what they’re missing!
In order to provide proof on return on investment and benefits of securing continuous application development, we were compelled to find out details on successful implementations. Implementations which can indicate how our customers are benefiting from using Fortify thoroughly on DevOps processes. (And what others are missing!)
To understand how leading enterprises are coping with the demands of continuous software delivery, we commissioned an independent research team to interview application security leaders from a diverse set of companies that have adopted products and services from HPE Fortify. The results of the study clearly show business and economic benefits of using HPE Fortify products and services. Benefits of integrating Fortify as part of DevOps lifecycle included: