1. Short, iterative software development lifecycle with embedded automated security checks
  2. Repeatable development environments with homogenous security controls
  3. Version-controlled CI pipeline
  4. Process for implementing organization- or team-wide changes to said pipelines to facilitate post-incident security investigations
  5. Robust documentation, preferably using declarative methods that enables security as code
  6. A culture of encouraging innovation and tolerating the failure that accompanies it

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s