U.S. Naval Observatory Resources: DevSecOps Resources

Building A Modern Security Program by Zane Lackey, Rebecca Huehls

The DevSecOps Playbook by Sean D. Mack In The DevSecOps Playbook: Deliver Continuous Security at Speed, Wiley CISO and CIO Sean D. Mack delivers an expert analysis of how to keep your business secure, relying on the classic triad of people, process, and technology to examine—in depth—every component of DevSecOps. In the book, you'll learn why DevSecOps is as much about people and collaboration as it is about technology and how it impacts every part of our cybersecurity systems.

DoD Enterprise DevSecOps Fundamentals The DoD Enterprise DevSecOps Fundamentals, along with other supporting guidance available at https://dodcio.defense.gov/library/, provides education, best practices, and implementation and operational guidance for information technology (IT) capability providers, IT capability consumers, product teams, and Authorizing Officials (AO). It is intended to build a community that understands the realm of the possible and is motivated to pursue the possible to enable a warfighting force strengthened by software.

Implementing DevSecOps Practices by Vandana Verma Sehgal Get to grips with application security, secure coding, and DevSecOps practices to implement in your development pipeline. By the end of this book, you’ll know how to apply application security, safe coding, and DevSecOps practices in your development pipeline to create robust security protocols.

Innovative Data Communication Technologies and Application: Proceedings of ICIDCA 2020 by Jennifer S. Raj, Abdullah M. Iliyasu, Robert Bestak, Zubair A. Baig This book presents the latest research in the fields of computational intelligence, ubiquitous computing models, communication intelligence, communication security, machine learning, informatics, mobile computing, cloud computing and big data analytics. The best selected papers, presented at the International Conference on Innovative Data Communication Technologies and Application (ICIDCA 2020), are included in the book. The book focuses on the theory, design, analysis, implementation and applications of distributed systems and networks.

Learning DevSecOps by Steve Suehring How can organizations integrate security while continuously deploying new features? How can some maintain 24-7-365 operations at internet scale? How do they integrate security into their DevOps organization? This practical guide helps you answer those questions and more. Author Steve Suehring provides unique content to help practitioners and leadership successfully implement DevOps and DevSecOps. Learning DevSecOps places an emphasis on prerequisites for success before looking at best practices, and then takes you through some of the tools and software used by successful DevSecOps-enabled organizations. You'll learn how DevOps and DevSecOps can eliminate the walls that exist between development, operations, and security so that you can tackle the needs of other teams early in the development lifecycle.

The State of DevSecOps within the Department of Defense Since the release of the DIB SWAP report in 2019, Software Is Never Done: Refactoring the Acquisition Code for Competitive Advantage, the Department of Defense (DoD) has focused on transforming our software development and acquisition practices. The core of this transformation is DevSecOps, a process that breaks down silos, inculcates security, and rapidly delivers software into production following the best practices of modern technology companies. Over the past 5 years, DoD has made significant strides in adopting DevSecOps practices. There are over 50 software factories using DevSecOps to deliver code into production, learning how to incorporate these practices into the high-stakes DoD environment and providing templates and patterns for generalized transition.