Guest blog by David Spark, Spark Media Solutions
“When Andreesen said software is eating the world, what that means is whoever is best at writing it wins,” noted Josh Corman (@joshcorman), CTO,Sonatype, who introduced rugged DevOps to the RSA Conference back in 2012.
I spoke to Corman back then, and every year since. I followed up with him at the 2016 RSA Conference in San Francisco to discuss what’s changed in DevOps.
Corman argues that DevOps has “become the last mile of innovation and differentiation.”
He sees huge improvements as we’re bringing in supply chain principles to modern software. Still, there are complications as security professionals are still trying to keep up with the speed of code.
For example, one of the complaints Corman has heard is it’s impossible to keep pace when the organization is pushing code once an hour and it takes a day or days to do a static analysis test or a source code review,
The problem boils down to the issue that “our tools don’t conform well to a continuous delivery model.”
Corman admits we’re losing the traditional and comfortable ways of doing development and security, but he argues that we gain so much more. It requires experimentation which he knows may be troubling for some.