According to the Splunk/Puppet’s 7th annual report on the “State of DevOps”, 51% of software development companies worldwide already work with their DevOps team. In contrast, the release-oriented software based on the waterfall model is slowly losing its importance. The most progressive companies in this sector publish several hundred (micro)releases per month. [Next: An unvarnished inventory] What does this mean for security testing? DevOps improves the classic approach to security testing that was practiced in the past: after Dev before Ops. DevSecOps seems to be the right method – at least because it includes security in the process. Unfortunately, it doesn’t go on as simply as that. DevSecOps is strongly dependent on the respective toolchain to ensure development quality (security […]