GitLab on how DevSecOps can help developers provide security from end-to-end


TechRepublic’s Karen Roby spoke with Jonathan Hunt, VP of security for GitLab, about the security challenges companies face today and how the concept and practice of DevSecOps can help developers build end-to-end security into their applications. The following is a transcript of the interview, edited for readability.

SEE: DevSecOps tutorial: What is it, and how can it improve application security? (TechRepublic)

Karen Roby: Jonathan, I’m happy to talk with you about this today. And certainly, it’s something that you talk about, I’m sure, in your sleep or could. I appreciate you being with us here today. First, just tell us, just for a second, about GitLab and your role there.

Jonathan Hunt: Yeah, absolutely. So, it’s an absolute pleasure to be here. Thank you for having me. My role at GitLab is the VP of security for the entire company. And my security department is roughly four sub-departments, 11 teams, and 60 people, which isn’t bad for our company and our size. So, we definitely take security matters to heart is definitely our priority here at GitLab. The company itself is a complete DevOps pipeline that is designed to be a unified tool chain, to not only promote the security and efficiencies that DevSecOps brings developers, but also to be a complete DevOps pipeline for engineering teams and developers as well.

Karen Roby: And when we talk, Jonathan, a little bit about here, we’re at the beginning of 2022, looking ahead and down the line. When we talk about DevSecOps, where do you see things going, maybe paths changing, things just evolving in a different way, where do you see it going?

Jonathan Hunt: Yeah, absolutely. When we talk about trends for DevSecOps, what I tend to do is try to take a look back at the last 12 to 18 months and see what’s happening in the industry, what’s happening in this space, and what the customer and our stakeholders are demanding of us. And what I’ve seen over the last year or so is the increasing amount of global security events. We remember all the way back from SolarWinds, all the way to the more recent phenomena of Log4j, I would call it in terms of dependency, security. And what I’ve seen is, is that there’s a couple things that have really been made prominent from these recent events. Number one is I think that people want to see more secure products and services, especially around their data.

They’re calling for it in their vendors. They’re calling for it in their contracts. They’re searching for solutions that’s going to meet these needs. Secondly, is I’m seeing a demand for greater visibility and auditability of software. In addition to that, I would say that there’s definitely a demand for more consistent application and administration of compliance and security policies within the software. So, from that, what I see then happening in the near term is that I believe the DevSecOps process is going to begin providing more end-to-end visibility and auditability, which is designed to ensure that everyone, all of our stakeholders in the process understand who changed what, where, and when, which is key to security management.

I also see better implementation and application of compliance. So, this is important, because today, we don’t have a great holistic view of compliance within our software frameworks. So, it’s challenging for our security teams to go in and identify where policies are being met, where policies are being broken. It’s difficult to gather evidence. It’s difficult to get all of our internal stakeholders together and aligned with the objectives and goals of what the compliance of software security is all about. And so, really, by implementing better compliance policies and visibility within the software, what that’s doing is it’s bringing the developers and our entire CICD pipeline closer to the compliance team, closer to audit evidence, closer to our auditors themselves.

Karen Roby: And when we talk about changes and things that we’ve seen, Jonathan, COVID-19 has obviously changed and impacted us in every way, from personal to work, everything in between. How about with DevSecOps? I mean, how do you see that having changed and continuing to, as a result of this pandemic?

Jonathan Hunt: Yeah. So, DevSecOps is actually a great solution and ideology, if you will, around solving the security of remote workspaces. So, if you recall before the pandemic, a lot of companies were confined to an office, their network boundaries were siloed to an intranet within a single local area network, if you will, within a building. And now, companies are challenged with understanding, not only how to secure, but even how to monitor the security of remote employees. So, DevSecOps actually provides that solution. What it does is, is it provides the security built in, not only to our software development life cycle, but even all the way to the end points.

So, whereas today, many companies lack the visibility on the endpoints, on where employees are connecting to the network, whether they’re working from home, whether they’re working from the airports or their favorite coffee lounges. So, what we’re doing with DevSecOps is providing the visibility and complete security from end-to-end. So, it starts with the developer, it starts with the laptop. It starts with the engineers on their local machines and provides that automated security implemented throughout that entire pipeline.



Source link

istanbul escort aksaray escort arnavutköy escort ataköy escort avcılar escort avcılar türbanlı escort avrupa yakası escort bağcılar escort bahçelievler escort bahçeşehir escort bakırköy escort başakşehir escort bayrampaşa escort beşiktaş escort beykent escort beylikdüzü escort beylikdüzü türbanlı escort beyoğlu escort büyükçekmece escort cevizlibağ escort çapa escort çatalca escort esenler escort esenyurt escort esenyurt türbanlı escort etiler escort eyüp escort fatih escort fındıkzade escort florya escort gaziosmanpaşa escort güneşli escort güngören escort halkalı escort ikitelli escort istanbul escort kağıthane escort kayaşehir escort küçükçekmece escort mecidiyeköy escort merter escort nişantaşı escort sarıyer escort sefaköy escort silivri escort sultangazi escort suriyeli escort şirinevler escort şişli escort taksim escort topkapı escort yenibosna escort zeytinburnu escort porno 1080p porno izle 4k porno izle 720p porno izle abella danger alman alman porno alman porno izle aloha tube porno amatör amatör porno amatör porno izle anal anal porno anal porno izle arap porno asa akira porno asyalı porno bangbros porno bangbros porno izle banyoda sikis başörtülü porno beeg porno izle beyaz tenli porno izle biseksuel porno izle bisexsuel porno brandi love porno brazzers brazzers porno izle canli porno canli porno izle çinli porno çinli porno izle ensest porno ensest porno izle ensest seks erotik porno erotik porno izle esmer porno esmer porno izle etek altı fake agent fake taxi fake taxi porno fantazi pornoları fantezi porno izle fetiş porno fetiş porno izle fetish fransız porno fransız porno izle full hd hg porno izle gangbang porno genç kız porno izle genç kız sikişi genç teen porno izle gizli çekim porno gizli çekim pornosu grup pornosu grup porno grup porno izle hd pornolar hd porno hd porno izle hemşire porno hemşire pornosu hizmetçi porno hizmetçi porno izle ingiliz porno japon pornoları japon porno kızlık bozma kızlık bozma porno izle konulu porno konulu porno izle koreli porno köylü pornoları kumral porno kumral porno izle latin pornoları latin porno latin porno izle lezbiyen pornoları lezbiyen porno lezbiyen porno izle lisa ann porno liseli pornoları liseli porno liseli porno izle manken porno manken porno izle masaj porno izle masturbasyon porno izle masturbasyon pornoları mature porno mia khalifa porno mia malkova porno milf porno izle mobil porno mobil porno izle öğrenci porno izle öğretmen porno izle okul porno izle olgun kadın pornosu olgun porno oral porno oral porno izle oral seks porna izle pornhub pornhub porno izle porno film izle porno indir porno izle porno resimler porno star porntube porno izle redtube redtube pornoları riley reid porno rokettube rus pornoları rus porno rus porno izle sakso blowjob porno izle sarışın pornoları sarışın porno sarışın porno izle sarışın pornoları sekreter porno shemale sikiş sikiş sikiş izle şişman porno siyahi pornoları suriyeli pornoları swinger porno tecavüz porno teen porn türbanlı pornoları türbanlı porno türk pornoları türk porno türk porno izle türkçe altyazılı porno türkçe altyazılı porno izle xhamster pornoları xhamster porno xhamster porno izle xnxx xnxx porno xnxx porno izle xvideos xvideos porno izle yaşlı porno yeşilçam porno izle youjizz youporn youporn porno izle zenci porno güvenilir bahis siteleri bahis siteleri casino deneme bonusu casino siteleri deneme bonusu para yatırma bonusu bahis siteleri casino siteleribahis sitesi para yatırma