GovDevSecOpsHub Editors
47 Articles0 Comments

Value Stream Thinking – The Why Behind DevSecOps

Value stream thinking is not a revolutionary concept. Looking at famous companies like the Ford or Toyota motor companies, it’s easy to see many famous examples of maximizing value and minimizing waste. Each has found success, and each has its…

Making Software Audits Easier by Establishing Audit-Ready Pipelines

Software audits play an essential role in ensuring the quality and performance of the applications that government agencies and contractors are developing. Audits are essential for ensuring applications are secure, identifying vulnerabilities that may be – or have already been…

Embracing Security-as-Code and the DevSecOps Transformation

Organizations today are facing a unique challenge, specifically how to balance security with speed. While many may view those two as opposed values, there is a growing campaign to revise and revisit that assumption. As DevOps rises in popularity, this…

Poll: Agency ATOs, DoDIN APL, or FIPS 140-2 – what drives your COTS software decisions?

To foster faster, more secure application development, many government organizations have turned to a new generation of application development platforms and commercial off the shelf (COTS) solutions designed to automate testing, bake security into every aspect of the development lifecycle…

Three steps for expediting software delivery

In application development, and especially in DevSecOps environments, there is increased pressure for development teams to deliver applications more quickly. However, meeting the challenge of increasing productivity and accelerating development often comes at the cost of security. To ensure that…

Healthcare Organizations Embrace Open Source to Improve Operations

The healthcare industry focuses much of its innovation, research and development on new patient procedures, medications and treatments that will help people live longer, happier and healthier lives. Often, this focus on advancing and improving patient health results in the…

Move it left, all the way left – Application Security as strategy creates advantages

Security vulnerabilities in code are often seen as failures of the application development process since bugs that increase risk can make code undeployable. In contrast, security checks that slow application development directly oppose deployment velocity. There definitely is a quandary…

Three Kubernetes Challenges Facing Government Development Teams

In a recent series of articles on the GovDevSecOpsHub, we discussed Kubernetes and how it has become an integral part of the application development and deployment process for application development teams that work with or on behalf of the federal…

Four Keys to Fighting Cluster Sprawl in Kubernetes Environments

In recent articles on the GovDevSecOpsHub, we discussed the realities of cluster sprawl and the impact of cluster sprawl on our agencies. Ultimately, we established that cluster sprawl is a very real problem facing the government that can slow the…

Cluster sprawl is the speed trap on the Kubernetes innovation highway

In our last article on the GovDevSecOpsHub, we discussed the basics of Kubernetes deployments and how the widespread embrace of Kubernetes has created a new challenge that industry experts call, “cluster sprawl.” Governmental agencies have begun to shed the stigma…

 

 

 

We launched GovDevSecOpsHub to focus on the next evolution of application development, DevSecOps, which brings cybersecurity teams and tools into the development process sooner so that applications are more secure and safeguarded against cyber threats.

In  GovDevSecOpsHub we’ll look at the evolution from traditional software and application development to the DevOps model. We’ll talk about the importance of moving from DevOps to DevSecOps. We’ll highlight the technologies and cultural changes necessary to make this shift happen. And we’ll profile government organizations and executives that are the “boots on the ground” as the government pivots towards the DevSecOps model.