10 Steps Every CISO Should Take to Secure Next-Gen Software

Context: DevOps Principles That CISOs Often Overlook

Sometimes, it can feel like developers and security are each speaking a different language. In some ways they are. Combine that with a massive sea change in which developers themselves are grappling with new and evolving development technologies, tools, and frameworks, and it’s a bit of the Wild West! Without going into too much detail, let’s highlight some critical areas to quickly get the security professional up to speed on the terms, what they mean, and why they are relevant to security.

Git What? Knowing the Lingo

Git, GitHub, GitLab: are they all the same thing? Should you care about the difference? It’s all for developers anyway, right? Why does it matter to security? Let’s begin by demystifying the terms around Git, understanding how it fundamentally changes the software development life cycle (SDLC), and looking at the security implications.

Started in 2005, Git is a free and open source distributed version control system, used to help multiple software developers work on a given code base. The first distributed version control (BitKeeper) changed the workflow from the developer asking, “Can you add me to version control?” to making their own copy, changing the code, and then checking in their contribution. This change was revolutionary in that developers no longer needed to be invited to contribute to open source code repositories as well as proprietary ...

Get 10 Steps Every CISO Should Take to Secure Next-Gen Software now with the O’Reilly learning platform.