Sign up to save your podcasts
Or
Share Episode 109 : DevOps - Who Should Own Security ?
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 109 : DevOps - Who Should Own Security ?
Listen to more from The New Stack here: https://thenewstack.io/podcasts
Welcome to The New Stack Context, a podcast where we discuss the latest news and perspectives in the world of cloud native computing. For this week’s episode, we spoke with Liran Tal, a developer advocate at container security platform provider Snyk and a member of the Node.js security working group, about who should own security in the DevOps process — the security team or the development?
TNS editorial and marketing director Libby Clark hosted this episode, alongside founder and TNS publisher Alex Williams and TNS managing editor Joab Jackson.
Tal wrote an article for us recently, “‘DevSecOps Insights 2020’: Who Really Owns Security in DevOps,”which summarized the results of a survey the company carried out covering security, development and operations. The post included a couple of surprising survey results, namely that only 14% of respondents reported that they test for known vulnerabilities in container images, and 38% of respondents don’t integrate automated security scanning into their DevOps pipeline.
As Tal writes in the post:
When that many respondents agree security is a major concern when trying to deliver software quickly, it means we need to scale up security to enable fast delivery of security fixes. The key to doing that is developers, as they ultimately fix security issues in an application’s source code.
We also get Tal’s views on incorporating security into the a Continuous Integration/Continuous Delivery (CI/CD), the need for development speed, as well as his thoughts on the recent purchase of npm by GitHub.
Then, later in the show, we discuss some of the top podcasts and news stories from the site. An episode of The New Stack Analysts podcast provides fodder for discussing service mesh adoption. Also on the agenda: Frustrations mount over Python 3 migrations; Project Calico offers a faster data plane with the help of eBPF; and an excellent side-by-side comparison offered by StackRox’s Karen Bruner of the managed Kubernetes offerings from Amazon Web Services, Microsoft Azure and Google Cloud.
View all episodes
By The New Stack
4.3
3131 ratings
Listen to more from The New Stack here: https://thenewstack.io/podcasts
Welcome to The New Stack Context, a podcast where we discuss the latest news and perspectives in the world of cloud native computing. For this week’s episode, we spoke with Liran Tal, a developer advocate at container security platform provider Snyk and a member of the Node.js security working group, about who should own security in the DevOps process — the security team or the development?
TNS editorial and marketing director Libby Clark hosted this episode, alongside founder and TNS publisher Alex Williams and TNS managing editor Joab Jackson.
Tal wrote an article for us recently, “‘DevSecOps Insights 2020’: Who Really Owns Security in DevOps,”which summarized the results of a survey the company carried out covering security, development and operations. The post included a couple of surprising survey results, namely that only 14% of respondents reported that they test for known vulnerabilities in container images, and 38% of respondents don’t integrate automated security scanning into their DevOps pipeline.
As Tal writes in the post:
When that many respondents agree security is a major concern when trying to deliver software quickly, it means we need to scale up security to enable fast delivery of security fixes. The key to doing that is developers, as they ultimately fix security issues in an application’s source code.
We also get Tal’s views on incorporating security into the a Continuous Integration/Continuous Delivery (CI/CD), the need for development speed, as well as his thoughts on the recent purchase of npm by GitHub.
Then, later in the show, we discuss some of the top podcasts and news stories from the site. An episode of The New Stack Analysts podcast provides fodder for discussing service mesh adoption. Also on the agenda: Frustrations mount over Python 3 migrations; Project Calico offers a faster data plane with the help of eBPF; and an excellent side-by-side comparison offered by StackRox’s Karen Bruner of the managed Kubernetes offerings from Amazon Web Services, Microsoft Azure and Google Cloud.
More shows like The New Stack Podcast
View all
Freakonomics Radio
32,333 Listeners
The Joe Rogan Experience
230,234 Listeners
The Tim Ferriss Show
16,178 Listeners
The New Stack Analysts
9 Listeners
The New Stack @ Scale
3 Listeners
Software Engineering Radio - the podcast for professional software developers
272 Listeners
Pivot
9,747 Listeners
The a16z Show
1,101 Listeners
Software Engineering Daily
624 Listeners
The Cloudcast
151 Listeners
The New Stack Context
4 Listeners
DevOps Paradox
25 Listeners
All-In with Chamath, Jason, Sacks & Friedberg
10,268 Listeners
Dwarkesh Podcast
528 Listeners
Hard Fork
5,540 Listeners
The Rest Is History
15,865 Listeners