Source: www.uleska.com
DevSecOps Challenge #8: Adding risk prioritisation to your pipeline securitCategory: Business, Security
DevSecOps increases the number of issues found and the speed at which they’re to be dealt with. In reality, only a small number of issues will pose a massive risk to the business.
However, there’s no real business risk from system 1 while the business risk from system 2 could end the company.
There’s usually some security issues in the backlog, they’re known about and going to be addressed, but shouldn’t stop the release.
https://www.fairinstitute.org/blog/nist-maps-fair-to-the-csf-big-step-forward-in-acceptance-of-cyber-risk-quantification for the https://www.fairinstitute.org/ cyber value-at-risk methodology to determine which security issues pose the greatest risk to the business.
However, there’s no real business risk from system 1 while the business risk from system 2 could end the company.
There’s usually some security issues in the backlog, they’re known about and going to be addressed, but shouldn’t stop the release.
https://www.fairinstitute.org/blog/nist-maps-fair-to-the-csf-big-step-forward-in-acceptance-of-cyber-risk-quantification for the https://www.fairinstitute.org/ cyber value-at-risk methodology to determine which security issues pose the greatest risk to the business.
Related Articles
Community Partners
DevOps Careers