Fail Fast, Not Twice

  • This is somewhat in response to what @Curtis posted, but I think it should be a topic on its own. Automation is paramount to security. DoD is seeing that and talks about the new SecDevOps role.

    Interesting points from the article:

    • bug and security fixes in minutes instead of weeks or months;

    • continuous feedback from the warfighters that need and use the software, instead of a rigid separation between developer and end-user;

    • automated testing and security, instead of laborious and fallible manual checking of countless lines of code;

    • a Continuous Authorization to Operate (ATO) process for rapid deployment and scalability, instead of having to develop a final product and then wait for a lengthy security review before actually using it;

    • holistic and “baked-in” cybersecurity instead of constantly scrambling to patch problems after the fact;

    • use of “microservices,” discrete, modular capabilities that can be quickly added to existing software, instead of having to reinvent the wheel and develop such functions anew for each project;

    • the ability to deploy the same software on any environment, including DoD-approved cloud services.

  • Fail fast is a general rule of thumb for any low-investment engineering venture.

  • Bookmarking site. Thanks @IRJ!
