by Richard Barrus | Oct 27, 2021 | Application Security
Reading Time: 3 minutes
In the realm of full stack software development and DevOps, continuous change invalidates conventional, point-in-time audit/compliance evidence. But our industry has yet to bridge the gap between traditional compliance techniques and...
by Richard Barrus | Oct 26, 2021 | Application Security
Reading Time: 3 minutes
If your full cycle software development team releases several builds per day to production, what good are traditional methods of verifying security compliance, such as semi-annual screenshots of a firewall configuration? There’s no...
by Richard Barrus | Oct 21, 2021 | Application Security
Reading Time: 4 minutes
We need a new compliance model for today’s cloud-first, full cycle software development methods. When “software is eating the world,” checking boxes in an annual audit is no help at all. But what tools and skills will be needed to...
by Richard Barrus | Oct 20, 2021 | Application Security
Reading Time: 2 minutes
In a world where full cycle software development teams release multiple builds to production per day, traditional methods of verifying compliance with cybersecurity and privacy guidelines have fallen by the wayside. A new compliance...
by Richard Barrus | Jan 25, 2018 | InfoSec Strategies
Reading Time: 4 minutes
These days many development teams have moved to DevOps or are moving in that direction. But how do you implement traditional security controls in this new DevSecOps world? A Note on Terminology: What is DevOps? DevOps refers to the...