Many DevSecOps Tools are Just DevOps Lipstick on an Old Pig
There are a lot of DevSecOps tools that are just DevOps lipstick on a slow security tool pig. Tools that don't give results for hours or sometimes days or lack the ability to integrate well with the dev team's other tools and practices are a non-starter. What's needed to add security to DevOps are tools that must be able to do their job within a rapid-cycle CI/CD pipeline. This is disruptive to the entire security tool landscape. This talk lays out the security tool categories that have traditionally been used by development teams and describes the characteristics of ones that fit as ones that don't fit in a DevOps world. Further, the talk presents a novel approach to evaluating DevSecOps tools and the results of using this evaluation approach on a subset of the most popular tools currently in the market.
DevSecOps Transformation Lead, Comcast