Shostack + Friends Blog

Gartner on DevSecOps Toolchain

[no description provided]

I hadn't seen "Integrating Security Into the DevSecOps Toolchain," which is a Gartner piece that's fairly comprehensive, grounded and well-thought through.

If you enjoyed my "Reasonable Software Security Engineering," then this Gartner blog does a nice job of laying out important aspects which didn't fit into that ISACA piece.

Thanks to Stephen de Vries of Continuum [link to https://www.continuumsecurity.net/ no longer works] for drawing my attention to it.

Originally published by Adam on 10 Apr 2018
Last updated on 12 Jul 2022
Categories: security software engineering threat modeling

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The ATOM feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.