Shostack + Friends Blog


Gartner on DevSecOps Toolchain


I hadn't seen "Integrating Security Into the DevSecOps Toolchain," which is a Gartner piece that's fairly comprehensive, grounded and well thought through.

If you enjoyed my "Reasonable Software Security Engineering," then this Gartner blog does a nice job of laying out important aspects which didn't fit into that ISACA piece.

Thanks to Stephen de Vries of Continuum [link no longer works] for drawing my attention to it.