Introduction - DevSecOps Maturity Model

Jayendran Gurumurthy
2 min read, Mar 17, 2024

The software industry is currently dominated by the Agile methodology for developing and building products. This method requires various teams to work together to achieve the end goal. In this process of building software, security aspects are usually ignored or not given sufficient space. It is important to note that standard security requirements for the software build environment are often not applied.

The DevSecOps Maturity Model shows how security measures are applied within a DevOps strategy and explains the different stages of implementation. In current trends, attackers are well equipped with the same tools and stacks that software products use. Hence, it is important to defend against attacks at as early a stage as possible.

This series of blogs will walk through the different levels of DevSecOps and how to implement them in practice.

DevSecOps Maturity Levels:

Level-1

This is the beginning of the DevSecOps journey. Here, teams work individually, and risk and security are not considered.

Level-2

In this stage, the development, security and operations teams work together to understand the requirements needed to achieve the goal. The goal is to 'AUTOMATE' everything. Examples: infrastructure as code, compliance as code and security as code.

Level-3

This stage helps produce high-quality software products released to reliable platforms. The improvements here are patch management, configuration management, compliance, threat modeling, and security embedded throughout the software lifecycle. High levels of automation are present throughout development, testing, and operations, along with dynamic vulnerability scanning at regular intervals.

Level-4

Advanced organizations run multiple builds daily on top of the three levels above. Here, security is not done by a separate team or by domain specialists; it is part of the overall build process. A high level of automation is implemented for threat modeling, code scanning, dynamic scanning, API scanning, testing and deployment. Infrastructure as code is the expectation, and the platform actively uses cloud service providers.

In the upcoming blogs, we will look at the stages and the expectations at each stage as defined in the OWASP maturity model.

Thanks for reading and Happy Learning!! :)
