A secure agile cloud development procedure to produce cloud-native and other applications starts first with a process. (See video at end of this article for a secure process.) This process defines how code created by a developer eventually makes it through to production and customer use. I have found that many companies do not even have such a process, or they have a very short process that primarily comprises the developers doing everything, including testing and security bits within their own little worlds. Since the same developer who wrote the code is testing and performing security, there are not enough eyes on the code to see all potential attacks.
Articles Tagged with Static Code Analysis
As I shoveled even more snow, I was starting to think about automation, as in how could I get something to shovel the snow for me, which lead to thinking about automation within the cloud. I see lots of discussion about automation in the cloud. Many of my friends and colleagues are developing code using Puppet, Chef, vCenter Orchestrator, etc. This development is about producing the software defined datacenter (SDDC). However, I see very little in the way of security automation associated with SDDC.