At the recent https://www.rsaconference.com/usa in San Francisco, Tanya Janca presented an only slightly tongue-in-cheek keynote speech covering fifteen “worst practices” committed by DevOps teams. After her keynote, Janca sat down with https://armerding.medium.com/ of https://www.synopsys.com/blogs/software-security/ for an episode of https://www.youtube.com/watch?v=mBQaUiq6rbQ&list=PPSV where they did a deep dive into four of the most crucial “worst practices” that organizations want to avoid when building a robust DevSecOps program.

Best practices would be that I make sure to time it, to check that it’s actually fast.

The worst practice, and I’ve seen this happen, is where people just put the tool directly into a release pipeline live.

Q: Why is only worrying about your part a “worst practice”?
