We’ve all seen the DevSecOps diagram that looks like this. But if we look closely, there really is no place in this diagram that talks about remediation at all. Some put this under “operate,” but that’s only partially true (and largely only focuses on issues already in production).
By making security programmatically demonstrable, just like uptime and performance SLAs, DevSecOps owners will be able to tout this security engineering excellence.
Hopefully, integrating DevSecOps tools will become as simple as integrating any other dev tool that engineering teams adopt quickly.