The New Stack Podcast

Episode 109: DevOps - Who Should Own Security?



Listen to more from The New Stack here: https://thenewstack.io/podcasts
Welcome to The New Stack Context, a podcast where we discuss the latest news and perspectives in the world of cloud native computing. For this week’s episode, we spoke with Liran Tal, a developer advocate at container security platform provider Snyk and a member of the Node.js security working group, about who should own security in the DevOps process — the security team or the development team?
TNS editorial and marketing director Libby Clark hosted this episode, alongside founder and TNS publisher Alex Williams and TNS managing editor Joab Jackson.
Tal wrote an article for us recently, “‘DevSecOps Insights 2020’: Who Really Owns Security in DevOps,” which summarized the results of a survey the company carried out covering security, development and operations. The post included a couple of surprising survey results, namely that only 14% of respondents reported that they test for known vulnerabilities in container images, and 38% of respondents don’t integrate automated security scanning into their DevOps pipeline.
As Tal writes in the post:
When that many respondents agree security is a major concern when trying to deliver software quickly, it means we need to scale up security to enable fast delivery of security fixes. The key to doing that is developers, as they ultimately fix security issues in an application’s source code.
We also get Tal’s views on incorporating security into Continuous Integration/Continuous Delivery (CI/CD), the need for development speed, as well as his thoughts on the recent purchase of npm by GitHub.
Then, later in the show, we discuss some of the top podcasts and news stories from the site. An episode of The New Stack Analysts podcast provides fodder for discussing service mesh adoption. Also on the agenda: Frustrations mount over Python 3 migrations; Project Calico offers a faster data plane with the help of eBPF; and an excellent side-by-side comparison offered by StackRox’s Karen Bruner of the managed Kubernetes offerings from Amazon Web Services, Microsoft Azure and Google Cloud.