Merge pull request #1 from sottlmarek/develop

description added
master
sottlmarek 6 years ago committed by GitHub
commit 043754faba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 24
      devsecopsmanifesto.md

@ -1,10 +1,18 @@
DEVSECOPS MANIFESTO
==========
* Bezpečnost musí fungovat jako aktivátor businessu (angl. Security enabler)
* Prioritou je dodání bezpečného a fungujícího software s přidanou hodnotou pro zákazníka.
* IT bezpečnost musí spolupracovat s lidmi z vývoje, rizik a businessu na denní bázi.
* Změny jsou vítány protože umožnují reagovat na nové hrozby, rizika a zranitelnosti.
* Bezpečnost je prioritou pro dodání kvalitního software.
* Týmy musí sdílet znalosti v rámci informační a kybernetické bezpečnosti pro zvyšování
* celkové zralosti.
* Automatizace a kodifikace bezpečnosti je dlouhobým cílem pro architekturu jako kód
With DevSecOps, part of the architecture can be captured as a code. Centralized configuration management and infrastructure are widely used as a code.
Structured languages that are used to configure databases, firewalls, servers, applications, or containers, must be readable. Architectural standards, such as CIS benchmarks, are defined only once, and the code is automatically distributed and configured on all architectural components of specific type. A high degree of automation is critical parameter to security in agile environments. The DevSecOps toolkit provides a complete process of deploying and installing IT systems in a controlled manner.
* Interaction between people is must.
* Security must work as a Business enabler
* The priority is to provide secure and funcional software with added value for the customer.
* IT and cyber security security must work with development, risk and business people on a daily basis.
* Changes are welcome because they allow them to respond to new threats, risks and vulnerabilities.
* Security is a priority for delivering high-quality software and architecture as a code.
* Security is functional requirements.
* Teams must share knowledge in information and cyber security for growth
* overall maturity of community resulting into guild.
* Automation and security coding is a long-term goal for architecture as a code.
* Security artefacts must be self-documented.
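Review bot: One principle in the English list is split across two bullets: "* Teams must share knowledge in information and cyber security for growth" is followed by "* overall maturity of community resulting into guild.", so the continuation renders as a separate item. The Czech text shows the same break at "* celkové zralosti.". Join the pair into a single bullet. In the same list, "funcional" should be "functional", "IT and cyber security security" repeats a word, and "Security is functional requirements." should read "Security is a functional requirement."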