The Six Pillars of DevSecOps: Collective Responsibility

Posted on

SAFECode-CSA DevSecOps Working Group identified and defined six focus areas critical to integrating DevSecOps into an organization, in accordance with the six pillars described in CSA’s Reflexive Security Framework. More detailed research and guidance across each of the six pillars of DevSecOps will be revisited and established over time in order to maintain industry-specific standards. This paper is part of a planned series and will focus on the area that is arguably the foundation for all others – collective responsibility. Fostering a sense of collective security responsibility is not only an essential element of driving security into a DevOps environment, but it is also one of the most challenging. It requires cultivating a change to the organization’s mindset, its ideas and its customs and behaviors regarding software security. In this paper, we refer to this effort as building a security-supportive culture.

View the paper here

Copyright © 2007- Software Assurance Forum for Excellence in Code (SAFECode) – All Rights Reserved
Privacy Policy

Share
Share