Considerations for DevOps projects
The last model that we will walk through in detail is DevOps. Remember that there are as many...
"Things such as DevOps, DevSecOps, and all of the "infrastructure as code" and all that doesn't change things. With the risk environment, if you understand it and have done it in a systematic way, you know what the risks are. Yes, there are new vulnerabilities being discovered every day, but they're not new potential things that could go wrong, they're just in different places. "There's a buffer overflow in the web browser instead of the email client." Who cares; it's still a buffer overflow – what you're trying to do is protect access control to the underlying platform. The particular way in doing this or the method of attack used doesn't change the impact – though it might change the likelihood."
– Andrew S. Townley, Chief Executive Officer Archistry Incorporated
The last model that we will walk through in detail is DevOps. Remember that there are as many...