SANS AppSec Blog on Continuous Deployment and Security
What is continuous deployment, how it works, and why it's good for security
Frank Kim asked me some tough questions on continuous deployment and what it means for security:
- In Continuous Deployment, developers push software to production several times a day. Please explain how this reduces risk in development and operations.
- Many Appsec professionals are concerned that Agile development teams build software too fast to be secure. Continuous Deployment seems to accelerate this even more. How do security controls and checks fit into Continuous Deployment, and what controls and checks need to be done differently to keep up with the pace?
- Where do teams that want to move faster and use Continuous Deployment need to start if they want to do this in a safe and secure way? What tools and practices do they need to have in place to succeed?
Read the answers on the SANS Software Security AppSec Blog.