Digital transformation penetrates into every part of our lives. Enterprises and customers live in an economic system centered on cloud applications and smartphones. To continually increase the performance and efficiency of the application development life cycle, combining the “DevOps” process of developers (Development) and IT operations management (Operations) has become a new culture for many companies to accelerate the development life cycle. A “DevSecOps” framework integrated into security management has emerged.
JFrog China CEO, George Hurn-Maloney explained the importance of security risk when companies’ software release cycle continually grows faster.
With many years of experience in promoting DevOps projects, George Hurn-Maloney, CEO of JFrog China, established a local branch in 2017, believes that the market is currently undergoing a transitional moment and the speed of software release cycle is increasing, but it brings the security risks worth paying attention to.
George pointed out that 90% of applications, even the hottest Kubernetes (K8s) Containers application, are built with many open source components. Although it helps improve software release cycles, it may also cause security problems. JFrog China invited many organizations including PricewaterhouseCoopers (PwC) and Hong Kong agent B & Data Technology to promote the DevSecOps technology, to assist corporate customers to inspect the code security and vulnerability check of their whole SDLC.
Billy, the general manager of B & Data, said that he cooperated with JFrog China to launch DevSecOps services locally, allowing developers to discover potential risks or problems at an early development stage.
The “Cyber Resilience Assessment Framework 2.0” (C-RAF 2.0) security guidelines issued by the Hong Kong Monetary Authority listed one of the new requirements in SDLC security. The current level of DevOps in Hong Kong has also improved with market trends. The current computing architecture in Hong Kong focuses on network security, such as denial of service attacks (DDoS). While changing software development, it is also necessary to improve the security operation thinking, I believe the importance of DevSecOps will continue to increase.
PricewaterhouseCoopers (PwC) Cyber Security and Privacy Service Department DarkLab Manager, Jeff pointed out that the life cycle of the development process has been greatly shortened, and the software release cycle shortened from months to weeks or even days.
PricewaterhouseCoopers (PwC) Cyber Security and Privacy Service Department DarkLab Manager, Jeff pointed out that the life cycle of the development process has been greatly shortened, and the software release cycle shortened from months to weeks or even days.
In the past, the banks relied on a third party security check, but it was often found the same security issues again and again. At present, in addition to the CICD (Continuous Integration /Continuous Deployment pipeline), enterprises need to integrate with the CS (Continuous Security). This adds different automatic security checks and automated management flow.
It is difficult to avoid open source components for your SDLC. Jeff said that traditional and emerging companies have different levels of DevSecOps requirements, and the distribution ratios of automation and manual management will be different. He emphasized that the transformation of traditional industries requires many talents, best CICD flow and tools.
Register and attend our webinar to learn the tips to select your DevSecOps tools.
Please register now.
Topic: JFog x PWC : Tips to Evaluate and Choose the Right DevSecOps Solutions
Date: 20 May 2021 (Thursday)
Time: 11:00am – 12:00pm
Language: English