31 Days of Security Awareness in DevSecOps - DAY 22

Alyssa Miller
Hacker, researcher, and Snyk application security advocate.

In her 2017 Black Hat USA talk, "Orange is the new Purple", April C. Wright talked about the need for collaboration between red teamers (our pen-testers, hackers, etc.) and yellow teamers (our devs). This concept sits at the core of bringing security into the DevOps discussion. Just as uniting Dev and Ops reduced friction between those two silos of the organization, the same approach can also reduce friction with security.

It is crucial that we work together from a common vocabulary. Security can't just write up vulnerabilities with a bunch of security jargon, throw them over the wall in a report, and expect that the devs will be able to address them. Security and devs need to work together, collaborate on remediations, and ensure a common understanding and goal of securing the software.

Read more about DevSecOps in our dedicated hub, and of course feel free to comment and share your thoughts.

(The Infosec Color Wheel. Image by April Wright and Louis Cremen from hackernoon.com used with permission.)