We welcome any initiative that brings DevSecOps practices to the forefront, so it is great to see that NIST is truly unifying these efforts so that DevSecOps becomes a standard for federal agencies.
DevSecOps as a framework is currently being considered by NIST as a means of standardising the embedding of security controls at the beginning of the SDLC.
This is in line with what many in the industry have been noting. Recently, Jason Green from Sonatype pointed out that “the Time is Now for DevSecOps in the Federal Government”. Ron Ross is actively leading the project at NIST to develop a DevSecOps framework similar to its Cybersecurity Framework.
“We have to change the fidelity of the process of developing devices from the very start”, Ross said at an Advanced Technology Academic Research Center conference on March 10.
As originally posted by Fedscoop, NIST is “currently gathering information on products developed using DevSecOps, an organizational philosophy that combines agile software development, security testing and tools for rapid delivery of applications and services”.
This is a promising step towards standardising secure software practices and we’ll be following NIST’s development in this area closely.