During the past two decades, we have started shifting from waterfall project planning to a more agile organization of our software development practices. Using Scrum, Kanban, and Lean practices, we are now better prepared for the unknown and can react faster to changing requirements, product plans, and team rotation. But it seems that the security requirements for the software we are producing are still living in the "Waterfall World". They are usually verified as the last step of development, introducing further delays or simply leaving the deployed software with more and more vulnerabilities.
Having learned from how the Development and Operations teams joined forces under a common DevOps umbrella, security teams don't want to stay behind. They see it as a chance to get more involved at each step of software development in an Agile fashion. Hence the DevSecOps approach, which closes the gap between the security teams and the rest of the engineering organization.
In my talk, I will show examples of how DevSecOps can lead to a faster feedback loop for security issues in the software you are developing. Furthermore, I will explain how to transform your Agile software development practices to leverage this new DevSecOps approach and thereby produce code with far fewer security vulnerabilities.