#devopsdays
DevOps Finishes What Agile Started
Agile
DevOps
Plan Code Build Test Release Deploy Operate
VALUE
#devopsdays
-
1,000
2,000
3,000
4,000
5,000
6,000
7,000
8,000
2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
Req
uest
s in
Mill
ions
8 Billion Requests in 2012
#devopsdays
The Component Revolution
Applying Supply Chain Concepts to Software Development
#devopsdays
Business Risk
Security
Licensing
Quality Issues
Poorly Managed Components Puts Organizations At Risk
#devopsdays
Struts Widespread Compromise: CVE-2013-2251
Global Bank
So+ware Provider
So+ware Provider’s Customer
State University
Three-‐Le?er Agency
Large Financial Exchange
Hundreds of Other Sites
#devopsdays
Complexity Diversity Volume Change
One component may rely on 00s of others
40,000 Projects 200MM Classes
400K Components
Typical Enterprise Consumes
000s of Components Monthly
Typical Component is Updated 4X
per Year
Organizations Can’t Keep Pace
#devopsdays
What’s this got to do with
DevOps?
Components are used to build applications. Agile Development is factored into how DevOps works. DevOps Success is dependent on supporting how applications are built today.
#devopsdays
DevOps Must Support Component-based Development!
Release Management is Key to DevOps Success
#devopsdays
#devopsdays
Flaws That Filter Through to Production Can Cripple You
Policies
#devopsdays
Automated Policies are Necessary to Keep Up
#devopsdays
Guide Developers With Component Intelligence in Their IDE
#devopsdays
Support the Build/CI/CD Process With Integrated Intelligence
#devopsdays
Shifting Activity Left Eliminates Downstream Impact
#devopsdays
Prevent Problems from the beginning to eliminates downstream effort. Identify Vulnerabilities early to speed development & decrease cost. Incorporate Security into the design process vs. security as an afterthought. Remediate Flaws vs. solely focusing on problem identification.
It’s More Than Shifting the Testing Effort
“Prevention is the Ultimate Form
of Shifting Left”
Curtis Yanko Architecture Manager – Application Development & Delivery Services
#devopsdays
CULTURE
Respect & Trust
Problem Solving Shared Information
#devopsdays
DevOps : A Natural Way to Assimilate Other Disciplines
QUALITY
DEV
OPS SECURITY
#devopsdays
Add “Sec” to DevOps
Overwhelmed? Consider these Questions
#devopsdays
Can we build an accurate inventory of our open source application components?
What applications are placing our business at risk?
If you want advice on how to get started, please talk to me during DevOpsDays, or contact me
anytime…
Manfred Moser
@simpligility
Let Me Know if You Need Help!
#devopsdays