Chapter 7. Securing Your Binaries

Data is the pollution problem of the information age, and protecting privacy is the environmental challenge.

Bruce Schneier, Data and Goliath

Software security is a critical part of any comprehensive DevOps rollout. Breaches uncovered in the past year have called attention to the consequences of weak software security and have prompted new government security regulations. Meeting these regulations affects the entire software lifecycle, from development through production. As a result, DevSecOps is something that every software developer and DevOps professional needs to understand.

In this chapter, you will learn how to evaluate your product and organizational risk for security vulnerabilities. We will also cover static and dynamic techniques for security testing, and scoring techniques for risk assessment.

Regardless of your role, you will be better prepared to help secure your organization’s software delivery lifecycle. But first, let’s look more closely at what can happen if you do not focus on security and take steps to secure your software supply chain.

Supply Chain Security Compromised

It started in early December 2020, when FireEye noticed that it had become a victim of a cyberattack, which is remarkable because the company itself specializes in detecting and fending off cyberattacks. Internal analysis showed that the attackers managed to steal FireEye internal tools, ...
