A couple of months ago we heard about Docker and vulnerabilities found in some of its images. It is easy to imagine what could happen if one of our applications were running on one of those images.


Sometimes inexperience or delivery deadlines push us to use one of the images available on Docker's site, but do we really know what we are using? Sometimes it comes down to a matter of faith. With the right tools, though, we could stop worrying about that kind of issue, or at least have a way to detect whether our image has been compromised or is exposing us to a vulnerability.


DevSecOps is the natural extension of DevOps and Agile cultures to incorporate Security as the main concern. Its essential goal can be defined as “Incorporate security awareness in the whole value delivery pipeline, from ideation to implementation to delivery and monitoring”. As with DevOps and Agile movements, this goal is interpreted and implemented as lean as possible, minimizing bureaucracy and maximizing delivered value to the clients.

While our world becomes more and more information-based, the security of our customers' information is increasingly valuable. How we take care of our customers' information can be a competitive advantage or take us out of business (see this article). CEOs and founders are willing to pay 20% more, and to change providers, for a higher level of cyber-security, according to a very recent study by Continuum.

According to this Cybersecurity Ventures report, a ransomware attack will be carried out on a company every 14 seconds in 2019, which represents an economic cost of almost 11.5 billion dollars to companies.

#security #cybersecurity #devsecops #devops #docker

DevSecOps as an extension of DevOps