Fixing Flaws: Bridging InfoSec and DevOps

As software makes its way into every industry—from FinServ to FedTech—it’s become increasingly important to ensure that high security standards are being met from development through deployment. A breach today could potentially impact millions of people across the globe. It can not only create infamy for the breached organization, but also result in lost revenues and put jobs on the line as well.

One way organizations achieve high levels of security and compliance is by implementing DevOps practices. To explain how DevOps can increase the synchronization between InfoSec and Development, CollabNet Information Security Officer Ward Osborne recently contributed a great article on the topic to It outlines for CIOs and CTOs best practices for getting teams working together to increase security throughout the entire software delivery pipeline.

Below is an excerpt from Ward’s article, which can be read in full here.

“As DevOps continues to expand across verticals, including the financial and government sectors, security has become paramount in the minds of CIOs and CTOs. As such, more organizations have begun to integrate security early in the development process. While security always has been a theoretical part of DevOps, the number of breaches making headlines recently and costing many IT professionals their jobs has taught us that now it is more important than ever for companies to build security into each and every methodology and practice. “Build it in from the start” is a fitting mantra for any developer today—and even more so for his or her boss.

Creating more secure code for products and platforms starts from day one in the planning stages, and some industries are doing it better than others. You must include security—not just in the end product and late development stages, but also throughout the life cycle. Organizations can do this by employing a defined methodology and unified tools that support that methodology, so developers make security not only a consideration for their end products, but something fundamentally baked into their builds.

To achieve this harmony between Development and InfoSec, developers and Operations staff must be included in decisions about tools, standards, and methodologies that the organization will follow. They need to understand what requirements are coming down the road, so they can recognize the need to address those requirements in advance, rather than being caught off-guard by problems or issues after the fact.”

Thanks to Ward for authoring this insightful article. We’re looking forward to providing more meaningful and useful articles like this one on the latest trends in software delivery. Stay tuned.


CollabNet Team

CollabNet helps enterprises and government organizations develop and deliver high-quality software at speed. CollabNet is the winner of a 2016 Best of Interop Award, recognizing TeamForge for its innovation. Also recognized for 13 consecutive years as an SD Times 100 “Best in Show” winner in the ALM and Development Tools category, CollabNet offers innovative solutions, provides consulting and Agile training services, and proudly supports more than 10,000 customers with 6 million users in 100 countries. Our flagship product, TeamForge®, is the industry’s #1 open platform for enterprise software development, delivery, and collaboration. Leading companies and government agencies leverage TeamForge to accelerate application delivery with Agile, continuous integration (CI), continuous delivery (CD), and DevOps—and reduce costs through a governed adoption of open source tools, streamlined compliance, and the reuse of existing assets, resources, and processes in new projects.

Posted in News

Leave a Reply

Your email address will not be published. Required fields are marked *