Faster Secure Software Development with Continuous Deployment

Nick Galbreath

First presented at PHDays on May 24, 2013 in Moscow, Russia.

Why don’t developers care about security issues? Why isn’t security training effective? Why do basic application security problems continue to exist? One reason is that long release cycles disenfranchise developers from caring or even knowing about security or operational issues. Continuous Deployment helps address this by making small but frequent changes to the production environment. At first, this would seem less stable and less secure; however, continuous deployment is a lot more than “pushing code”. When done well, it can be transformative to your software lifecycle and change your security group from a reactive organization into an “in-house security consultancy” that developers come to for questions and assistance. This session will discuss how to get started with continuous deployment and the tools and process needed to make it a security success.