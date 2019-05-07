The hugely understated word in those previous two sentences is “potentially.” What prevents potentially shippable software from being real, shipped software? Sure, it may be purely a business decision. Product ownership may conclude that not enough valuable features have been included in the release to warrant shipping to users. But, often the reasons and impediments are more operational, and we enter into the tail of a “water-scrum-fall” approach struggling to get fewer, bigger releases over the line.

Satisfying the security controller is one of those criteria often overlooked until the eleventh hour that prevents a production release of software.

DevSecOps is a way or working to address this - a set of practices and a mindset that enables a regular flow of continuous delivery of software to production including the satisfaction of security constraints. (Some people describe DevSecOps as baking security into the development process from the start.) Of course, the phenomenon of DevSecOps has brought with it a whole host of new technology and tools to simplify the scanning and protection of software from security threats.