The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)?
The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools.
These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.
Co-Presenter John Dickson
John B. Dickson, CISSP, is a security professional and industry leader who regularly works with the largest companies to deliver secure software in DevSecOps pipelines. John is a former Air Force intelligence officer who became a cyber officer in the Air Force Information Warfare Center (AFIWC). Learn more about John >>
Co-Presenter Dan Cornell
As Chief Technology Officer and Principal at Denim Group, Dan Cornell leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. Learn more about Dan >>