Inspired by reading ‘Investments Unlimited’ and other books built around the principles of storytelling, James and Josh dive into DevSecOps and the bigger picture of shifting security left in this new episode of Off Script! In this episode: * 00:00 Fictional Bugs - Investments Unlimited * 01:00 DevSecOps * 02:00 Moving security testing to the beginning * 03:00 Reducing the friction of releases * 04:00 Go through pain points early * 05:00 Strict linting, function length, no unused variables * 06:00 Early automated tests to prevent Git leaks * 08:00 Making it easy for the developer * 10:00 Bearer * 11:00 Concise reporting * 12:00 Dependabot * 13:00 Secret Management * 14:00 Making it easy to do the right thing * 16:00 Having pride in your security * 17:00 What if your language doesn’t have much security support? * 19:00 Dynamic & Static languages * 20:00 Language agnostic tools * 21:00 Key takeaways References: * https://itrevolution.com/product/investments-unlimited/ (https://itrevolution.com/product/investments-unlimited/) * https://www.bearer.com/ (https://www.bearer.com/) * https://github.com/dependabot (https://github.com/dependabot) Find out more about Stac and Parallax: * https://stac.works (https://stac.works) * https://parall.ax (https://parall.ax)
From "Off Script"
Listen on your iPhone
Download our iOS app and listen to interviews anywhere. Enjoy all of the listener functions in one slick package. Why not give it a try?
Comments
Add comment Feedback