Fail Fast, Not Twice
-
This is somewhat in response to what @Curtis posted, but I think it should be a topic on its own. Automation is paramount to security. DoD is seeing that and talks about the new SecDevOps role.
Interesting points from the article:
- bug and security fixes in minutes instead of weeks or months;
- continuous feedback from the warfighters that need and use the software, instead of a rigid separation between developer and end-user;
- automated testing and security, instead of laborious and fallible manual checking of countless lines of code;
- a Continuous Authorization to Operate (ATO) process for rapid deployment and scalability, instead of having to develop a final product and then wait for a lengthy security review before actually using it;
- holistic and “baked-in” cybersecurity instead of constantly scrambling to patch problems after the fact;
- use of “microservices,” discrete, modular capabilities that can be quickly added to existing software, instead of having to reinvent the wheel and develop such functions anew for each project;
- the ability to deploy the same software on any environment, including DoD-approved cloud services.
https://breakingdefense.com/2019/06/fail-fast-not-twice-dods-push-for-agile-software-development/
-
Fail fast is a general rule of thumb for any low-investment engineering venture.
-
Bookmarking site. Thanks @IRJ!