Published By: CheckMarx
Published Date: Apr 03, 2019
In the early years of software development, you would often design an application,
build it, and only then think about how to secure it.
This was arguably fine in the days of monolithic applications and closed networks,
when good perimeter-based protection and effective identity and access management
would get you a long way towards minimising the risk. In today’s highly connected,
API-driven application environments, however, any given software component or
service can be invoked and potentially abused in so many different ways. Add to this
the increasing pace of change through iterative ‘DevOps-style’ delivery and ever-faster
release cycles, and many understandably assert that security management and
assurance nowadays needs to be an ongoing and embedded part of the development
and delivery process.
This paper looks at the needs of build and release management, how those needs are met by open source and commercial tools that go way beyond the likes of Make or Ant, and the real costs of creating and maintaining a homegrown system.