CTO and co-founder of Signal Sciences. Author and speaker on software engineering, devops, and security.

SANS AppSec Blog on Continuous Deployment and Security

What is continuous deployment, how it works, and why it's good for security

Frank Kim asked me some tough questions on continuous deployment and what it means for security:

  1. In Continuous Deployment, developers push software to production several times a day. Please explain how this reduces risk in development and operations.
  2. Many Appsec professionals are concerned that Agile development teams build software too fast to be secure. Continuous Deployment seems to accelerate this even more. How do security controls and checks fit into Continuous Deployment, and what controls and checks need to be done differently to keep up with the pace?
  3. Where do teams that want to move faster and use Continuous Deployment need to start if they want to do this in a safe and secure way? What tools and practices do they need to have in place to succeed?

Read the answers on the SANS Software Security AppSec Blog.

© 2018 Nick Galbreath