TNS
VOXPOP
Will JavaScript type annotations kill TypeScript?
The creators of Svelte and Turbo 8 both dropped TS recently saying that "it's not worth it".
Yes: If JavaScript gets type annotations then there's no reason for TypeScript to exist.
0%
No: TypeScript remains the best language for structuring large enterprise applications.
0%
TBD: The existing user base and its corpensource owner means that TypeScript isn’t likely to reach EOL without a putting up a fight.
0%
I hope they both die. I mean, if you really need strong types in the browser then you could leverage WASM and use a real programming language.
0%
I don’t know and I don’t care.
0%
CI/CD / DevOps / Security

Add It Up: DevOps Security Needs More Tooling

Aug 9th, 2018 1:00pm by
Featued image for: Add It Up: DevOps Security Needs More Tooling

DevOps teams are involved with security but they need to do more. Two recent studies show that tooling is inadequate and that security is not properly integrated into the entire DevOps process.

A DevOps survey of over 1,000 IT pros by Logz.io found that DevOps handles security at 55 percent of organizations. The finding is unsurprising because 1) efforts to shift security left have often been implemented by DevOps teams responsible for interacting with the entire organization, and 2) 32 percent of the respondents were DevOps engineers. Whether or not this means these organizations actually do DevSecOps, 56 percent said they are at least beginning to implement the practice.

Just like with DevOps, DevSecOps can be viewed as either a culture or set of tools. Culture is inoculated via training developers, On the software side, DevSecOps is sometimes defined by the use of automated security testing and code dependency testing. As a sign that current software can do more, 57 percent of the Logz.io respondents said there are not enough tools available to make them successful at DevSecOps.

A different survey by Freeform Dynamics, The Register and Checkmarx provides more perspective on how different teams have to work together to make DevSecOps work. When asked about software security challenges, 62 percent of respondents strongly agreed that developers, testers, security specialists and ops staff need to work together. This desire has yet to match reality. More than half (56 percent) believe that integration of security into the entire DevOps process is either poorly done or non-existent.

Software integrated into a CI/CD pipeline can address some of the need to integrate security into the entire DevOps process. Yet, if this is the case, does that mean that DevOps engineers will be stuck executing the security requirements of Information Security and babysitting Development? Stay tuned for the The New Stack’s next installment in the ongoing DevSecOps saga.

Feature image via Pixabay.

Group Created with Sketch.
TNS owner Insight Partners is an investor in: The New Stack, Checkmarx.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.