Check Point® Software Technologies Ltd.(link is external) announced that its Infinity Platform has been named the top-ranked AI-powered cyber security platform in the 2025 Miercom Assessment.
The Top Tools to Support DevSecOps - Part 5
May 31, 2018
DEVOPSdigest asked experts from across the IT industry — from analysts and consultants to users and the top vendors — for their opinions on the top tools to support DevSecOps. Part 5, the last installment, offers some final thoughts about "tools" that are not necessarily technology.
Start with The Top Tools to Support DevSecOps - Part 1
Start with The Top Tools to Support DevSecOps - Part 2
Start with The Top Tools to Support DevSecOps - Part 3
Start with The Top Tools to Support DevSecOps - Part 4
THE RIGHT PEOPLE
Investment in quality people is the single best investment in tooling an organization can make to support DevSecOps. From the executives that need to make the command decisions that weigh risk versus business goal, to the developers writing the applications, to the security teams that are trying to implement "Security at the Speed of Code." Without an investment in quality people, you end up with a hamstrung environment where even the most modest security practices are overlooked in favor of doing what is "easy" or "nimble." The "fail fast" mantra of DevOps should not be applied to a security program wherein the consumer bears all the weight of an unfortunate event.
John Stauffacher
Director - Offensive Security, Trace3(link is external)
DEVSECOPS CULTURE
Your most important tool needed for DevSecOps isn't a actually tool, or even a process: it's culture. You can influence culture — having support from the top is vital — but you can't prescribe it. Instead, you'll need to build a multi-disciplinary team of enthusiasts: not just security experts, but auditors, docs, ops and testing people and beyond. You'll help them through failures and successes, and then encourage them to spread the word across your organization: they become your most important tool for success.
Mike Bursell
Chief Security Architect, Red Hat(link is external)
DevSecOps is a culture and hence implementing it is mainly a mindset change. The tools will only drive the change, but the most important part is to go from having separate teams with siloed responsibilities in the software development lifecycle to having teams that are fully responsible for implementing, testing and running their code in production.
Isa Vilacides
Quality Engineering Manager, CloudBees(link is external)
COLLABORATION
Probably the most critical tool when trying to bring security colleagues along on your DevOps transformation is a whiteboard and a stack of post-it notes. Fundamentally the collaboration will rise or fall based on how well people from different teams and with different skills work together. Getting everyone physically together upfront, taking people away from how things work day-to-day, and holding a well organized and well run set of workshops is a great first step on your DevOps journey.
Gareth Rushgrove
Product Manager, Docker(link is external)
EMPATHY
Simply putting developers and security people into the same cube farm and telling them to work together won't work, of course — and will likely be counterproductive. Collaboration is key — but even the best collaboration tool in the world won't facilitate cooperation among people who feel they are in an adversarial relationship with each other. Just as with DevOps itself, therefore, the most important tool for DevSecOps is empathy — the ability to put yourself into the other person's shoes and see the problem space from their point of view. Once the team has sufficient empathy for each other, collaboration tooling is important to be sure — but tools don't make high-performance teams.
Jason Bloomberg
President, Intellyx(link is external)
Industry News
April 10, 2025
Orca Security announced the Orca Bitbucket App, a cloud-native seamless integration for scanning Bitbucket Repositories.
April 10, 2025
The Live API for Gemini models is now in Preview, enabling developers to start building and testing more robust, scalable applications with significantly higher rate limits.
April 09, 2025
Backslash Security(link is external) announced significant adoption of the Backslash App Graph, the industry’s first dynamic digital twin for application code.
April 09, 2025
SmartBear launched API Hub for Test, a new capability within the company’s API Hub, powered by Swagger.
April 09, 2025
Akamai Technologies introduced App & API Protector Hybrid.
April 09, 2025
Veracode has been granted a United States patent for its generative artificial intelligence security tool, Veracode Fix.
April 09, 2025
Zesty announced that its automated Kubernetes optimization platform, Kompass, now includes full pod scaling capabilities, with the addition of Vertical Pod Autoscaler (VPA) alongside the existing Horizontal Pod Autoscaler (HPA).
April 08, 2025
Check Point® Software Technologies Ltd.(link is external) has emerged as a leading player in Attack Surface Management (ASM) with its acquisition of Cyberint, as highlighted in the recent GigaOm Radar report.
April 08, 2025
GitHub announced the general availability of security campaigns with Copilot Autofix to help security and developer teams rapidly reduce security debt across their entire codebase.
April 08, 2025
DX and Spotify announced a partnership to help engineering organizations achieve higher returns on investment and business impact from their Spotify Portal for Backstage implementation.
April 07, 2025
Appfire announced its launch of the Appfire Cloud Advantage Alliance.
April 07, 2025
Salt Security announced API integrations with the CrowdStrike Falcon® platform to enhance and accelerate API discovery, posture governance and threat protection.
April 07, 2025
Lucid Software has acquired airfocus, an AI-powered product management and roadmapping platform designed to help teams prioritize and build the right products faster.
April 03, 2025
StackGen has partnered with Google Cloud Platform (GCP) to bring its platform to the Google Cloud Marketplace.
