YoVDO

Requirements Gathering for Successful DevSecOps Pipeline - AppSec EU 2017

Offered By: OWASP Foundation via YouTube

Tags

DevSecOps Courses, Continuous Integration Courses, Secure Coding Courses

Course Description

Overview

Explore requirements gathering for successful DevSecOps pipeline implementation in this 40-minute conference talk from AppSec EU 2017. Learn how to assess current states, identify productivity bottlenecks, determine training needs, establish metrics, and implement monitoring strategies. Discover considerations and approaches for creating a security-first automated development pipeline tailored to your organization's unique requirements, motivations, and technologies. Gain insights into integrating secure coding and verification practices throughout the software development lifecycle, addressing key aspects such as security policy, development platforms, application technical stacks, and cross-team involvement. Understand common pitfalls, the Rugged Manifesto, and strategies for assessing various stakeholders including developers, quality assurance, deployment/release teams, IT operations, and information security. Delve into identifying appropriate metrics, providing feedback, and implementing a Continuous Integration (CI) model for a more secure and efficient software development process.

Syllabus

Intro
Background
Common Question
The Rugged Manifesto
Common Pitfalls
What went wrong?
Current State Assessment
Assessment Plan
Assessment Process
Identify Stakeholders
Assessment - Developer
Assessment - Quality Assurance
Assessment - Deployment / Release
Assessment - IT Operations
Assessment - Information Security
Assessment - Technology Stack
Identify Metrics and Measurement
Feedback to the Team
People
Platform
Rugged Continued ...
Rugged DevOps on...
Continuous Integration (CI) Model


Taught by

OWASP Foundation

Related Courses

Secure Coding Practices
University of California, Davis via Coursera
Secure Coding: Identifying and Mitigating XML External Entity (XXE) Vulnerabilities
Pluralsight
Secure Coding: Preventing Broken Access Control
Pluralsight
Developing Secure Software
LinkedIn Learning
Programming Foundations: Secure Coding
LinkedIn Learning